Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 360
  • Last Modified:

standalone esxi5.0.0 logging 'user root@ipaddress logged in' every few seconds?

just noticed this on one of my hosts.  

Any ideas?
0
CHI-LTD
Asked:
CHI-LTD
  • 4
  • 3
3 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
lookup the IP Address, in DNS, traceroute, and find out which server it's coming from.

Change your root password if in doubt.

e.g. Veeam, Altiris, other management solutions.
0
 
CHI-LTDAuthor Commented:
sorry, i did, its my machine..
also downed the acronis appliance, no change.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
So, what do you have running on your machine?

PowerCLI ?
0
 
CHI-LTDAuthor Commented:
ha ha who klnows!  lots of things.
shut it down and its stopped.  will now see whats causing it.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
RV Tools, vSphere Client, VMware Flings

It's probably best to create yourself, a new "root" account, specific to you, so you can easily track these access requests.
0
 
CHI-LTDAuthor Commented:
solarwinds vm monitor!!
0
 
Mohammed KhawajaManager - Infrastructure: Information TechnologyCommented:
in h future if you want to know what process on your PC is doing this then run netstat -ab and it will show active connections and the filename.   Look for connections to your Esx server IP address.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Look at creating a new user e.g. Service_Solarwinds in ESXi, it makes it more secure, than using the root account to login, and you will then know what the account is!
0
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now