What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Monitoring APC UPS: Unauthorized user attempting to access the FTP interface

Votes:

0

After I've began to monitor a APC's Network Management Card for a Smart-UPS I'm receiving frequent messages in the UPS's software:


"Detected an unauthorized user attempting to access the FTP interface from 192.168.100.1." (The actual IP Address of the PRTG Probe)


Why does this happen and how to stop it?

apc auto-discovery ftp smart-ups unauthorized ups

Created on Jun 23, 2015 6:56:38 AM by  Luciano Lingnau [Paessler]

Last change on Jun 23, 2015 7:01:46 AM by  Luciano Lingnau [Paessler]



7 Replies

Accepted Answer

Votes:

1

Depending of the settings used for the Auto-Discovery you may end up with a FTP Sensor, in that case PRTG will try to access the FTP on every scan interval, without proper Credentials configured in the Sensor's Settings you may get this sort of message.

Solution: Either configure the proper credentials on the sensor or remove/pause the FTP Sensor if it's not required.

Created on Jun 23, 2015 7:00:01 AM by  Luciano Lingnau [Paessler]

Last change on Feb 10, 2017 8:37:08 AM by  Luciano Lingnau [Paessler]



Votes:

0

I am also getting same error . Also I am getting another message as below

Detected an unauthorized user attempting to access the FTP interface from 10.x.x.x
Detected an unauthorized user attempting to access the control console interface from 10.x.x.x

How can I resolve this .

Could you please provide steps

Created on Feb 9, 2017 1:47:50 PM

Last change on Feb 10, 2017 8:36:06 AM by  Luciano Lingnau [Paessler]



Votes:

0

Hello @sharonjose,
thank you for your reply/post.

Please refer to solution suggested here: Best Answer

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Feb 10, 2017 8:36:58 AM by  Luciano Lingnau [Paessler]



Votes:

0

Hello, I am getting the same message from the APC UPS except it says SNMP instead of FTP. I do have correct SNMP credentials and I can monitor the APC UPS via SNMP Library Sensor. I receive this message over 20 times a day.

The exact message is:

Detected an unauthorized user attempting to access the SNMP interface from xxx.xxx.xxx.xxx

Please advice.

Jose Pineda

Created on Aug 22, 2017 6:29:56 PM

Last change on Aug 24, 2017 7:24:25 AM by  Luciano Lingnau [Paessler]



Votes:

0

Hello Jose,
thank you for your reply.

If the xxx.xxx.xxx.xxx address belongs to PRTG (or a PRTG Probe), search for the device's address in PRTG, the device may be deployed more than once and may be attempting to use incorrect credentials.

If you have an auto-discovery group that will scan that range it could also cause this message if the group doesn't have the correct SNMP Credentials set.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Aug 23, 2017 7:08:27 AM by  Luciano Lingnau [Paessler]



Votes:

0

Thank you Luciano, I have traced th IP xxx.xxx.xxx.xxx to be my Fortinet Firewall. I do have SNMP enabled in the firewall but with a different community string than the APC device. Should the community strings be the same in both devices?

Thanks

Created on Aug 23, 2017 3:57:28 PM



Votes:

0

Hello Jose,
thank you for your reply.

I can't think of any reason why the Fortinet would poll the APC using SNMP. Essentially both devices support SNMP as an "agent/monitored device". They can have different SNMP communities, that's not a problem and the Fortigate shouldn't be polling the device (I even doubt it has the capabilities to do so).

Could it be that you're seeing this connection as coming from the Fortinet because of an inbound NAT which masquerades the real IP of the device trying to poll the APC? You may want to set-up a "Filter" or "Live View" (if the Fortigate has something like this) to view all port 161 traffic on the firewall (to see the source interface if it's coming from somewhere else)

Lastly, you could also pause the "Root" element of your PRTG for a couple of minutes to check if the messages continue or stop. This will tell you if PRTG is involved in any way.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Aug 24, 2017 7:28:16 AM by  Luciano Lingnau [Paessler]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.