I have stumbled across a line item under the Monitor, Communications, MSCI, Gar Login Attempts in AirVantage that I cannot seem to find documentation about. The line reads “635 failed logins detected in less than one hour”. Can anyone explain what this means? I am assuming that this is some sort of access attack however unsure. Rather odd as I have the modem locked down to three trusted IP’s.
Finally received a reply from Sierra in case anyone is interested…
What you’re seeing is a number of failed login attempts to AceManager recorded by Gateway Anomaly Reporting (GAR). Is the gateway in question publicly accessible? Although the number of failed logins is quite high, attempts to gain unsolicited access to publicly available devices is common, and they originate from all over the world. As you may know, it is not just limited to Sierra Wireless devices, but any device that is on a public network. If this device is not on a public network, we’ll need to find out where these requests are being sourced from.
To limit the number of failed login attempts, our first recommendation would be to:
- Change the AceManager password if it hasn’t already been changed from the default “12345”.
- Disable AceManager Remote Access (HTTP/HTTPS).
a. If not possible, change the default HTTP and HTTPS ports (9191 and 9443, respectively)