After I've began to monitor a APC's Network Management Card for a Smart-UPS I'm receiving frequent messages in the UPS's software:
"Detected an unauthorized user attempting to access the FTP interface from 192.168.100.1." (The actual IP Address of the PRTG Probe)
Why does this happen and how to stop it?
Article Comments
I am also getting same error . Also I am getting another message as below
| Detected an unauthorized user attempting to access the FTP interface from 10.x.x.x |
| Detected an unauthorized user attempting to access the control console interface from 10.x.x.x |
How can I resolve this .
Could you please provide steps
Feb, 2017 - Permalink
Hello @sharonjose,
thank you for your reply/post.
Please refer to solution suggested here: Best Answer
Best Regards,
Luciano Lingnau [Paessler Support]
Feb, 2017 - Permalink
Hello, I am getting the same message from the APC UPS except it says SNMP instead of FTP. I do have correct SNMP credentials and I can monitor the APC UPS via SNMP Library Sensor. I receive this message over 20 times a day.
The exact message is:
| Detected an unauthorized user attempting to access the SNMP interface from xxx.xxx.xxx.xxx |
Please advice.
Jose Pineda
Aug, 2017 - Permalink
Hello Jose,
thank you for your reply.
If the xxx.xxx.xxx.xxx address belongs to PRTG (or a PRTG Probe), search for the device's address in PRTG, the device may be deployed more than once and may be attempting to use incorrect credentials.
If you have an auto-discovery group that will scan that range it could also cause this message if the group doesn't have the correct SNMP Credentials set.
Best Regards,
Luciano Lingnau [Paessler Support]
Aug, 2017 - Permalink
Thank you Luciano, I have traced th IP xxx.xxx.xxx.xxx to be my Fortinet Firewall. I do have SNMP enabled in the firewall but with a different community string than the APC device. Should the community strings be the same in both devices?
Thanks
Aug, 2017 - Permalink
Hello Jose,
thank you for your reply.
I can't think of any reason why the Fortinet would poll the APC using SNMP. Essentially both devices support SNMP as an "agent/monitored device". They can have different SNMP communities, that's not a problem and the Fortigate shouldn't be polling the device (I even doubt it has the capabilities to do so).
Could it be that you're seeing this connection as coming from the Fortinet because of an inbound NAT which masquerades the real IP of the device trying to poll the APC? You may want to set-up a "Filter" or "Live View" (if the Fortigate has something like this) to view all port 161 traffic on the firewall (to see the source interface if it's coming from somewhere else)
Lastly, you could also pause the "Root" element of your PRTG for a couple of minutes to check if the messages continue or stop. This will tell you if PRTG is involved in any way.
Best Regards,
Luciano Lingnau [Paessler Support]
Aug, 2017 - Permalink
Depending of the settings used for the Auto-Discovery you may end up with a FTP Sensor, in that case PRTG will try to access the FTP on every scan interval, without proper Credentials configured in the Sensor's Settings you may get this sort of message.
Solution: Either configure the proper credentials on the sensor or remove/pause the FTP Sensor if it's not required.
Jun, 2015 - Permalink