>From what I know, the only services exposed by default to the public interface >on a VR is HAProxy and IKE, maybe something there.
BR, Ricardo ________________________________ From: Antoine Boucher <[email protected]> Sent: Tuesday, April 5, 2022 2:46:36 PM To: users <[email protected]> Subject: Unauthorized access to VR VM Someone has externally gained access to one of our VR vm and installed an application that tried to ssh to other ips on the web. The VR started to miss health checks about a day ago, looking at the VR running process we discovered that the process ksoftirqd was 95% busy. We killed the VR and discovered during our investigation from other systems that the vm was blasting the web trying to connect on port 22. Unfortunately, the vr has been deleted. What could have happened? Any known security issues on the 4.16.1.0 vr template? Regards, Antoine
