[j-nsp] SSH attack
Dan Goscomb
dang at goscomb.net
Wed Feb 20 18:16:32 EST 2008
Firewalling the interface on lo0 is the best way ;)
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input router-protect;
                }
            }
        }
    }
}
firewall {
    filter router-protect {
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                    1.2.3.4/32 except;
                    2.3.4.5/32 except;
                }
                protocol tcp;
                destination-port ssh;
            }
            then {
                discard;
            }
        }
        term catch {
            then accept;
        }
    }
}
On Wed, 2008-02-20 at 16:15 -0400, Ying Zhang wrote:
> Hello, all,
>
> On our Juniper router, we constantly see people trying to connect through SSH. I've tried everything I can find to eliminate it. The following is what I've done so far. Just wondering if there is a better way to stop it on the router (we do block port ssh on every link). Thanks in advance.
>
> root-login deny;
> protocol-version v2;
> connection-limit 5;
> rate-limit 1;
>
> retry-options {
>     tries-before-disconnect 2;
>     backoff-threshold 2;
>     backoff-factor 10;
>     minimum-time 20;
> }
>
>
> C
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
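The lo0 filter from the reply above, modelled in Python as an added example (not part of the original post or of Junos). It reproduces the Junos source-address semantics that make the filter work: the longest matching prefix wins, and when that prefix carries `except` the term does not match, so SSH from the two management hosts falls through to `term catch`. The management addresses and sample packets are the ones from the post plus constructed values.

```python
import ipaddress

# The two "except" entries from term 1 of router-protect (from the post).
MGMT_HOSTS = ["1.2.3.4/32", "2.3.4.5/32"]

def build_source_prefixes():
    """Return (network, is_except) pairs as listed under source-address."""
    prefixes = [(ipaddress.ip_network("0.0.0.0/0"), False)]
    prefixes += [(ipaddress.ip_network(p), True) for p in MGMT_HOSTS]
    return prefixes

def term1_matches(src, proto, dport, prefixes=None):
    """Emulate 'from { source-address ...; protocol tcp; destination-port ssh; }'.

    Junos picks the most specific prefix that contains the source; if that
    prefix is flagged 'except', the term does not match the packet.
    """
    prefixes = prefixes or build_source_prefixes()
    if proto != "tcp" or dport != 22:
        return False
    addr = ipaddress.ip_address(src)
    best = None
    for net, is_except in prefixes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, is_except)
    return best is not None and not best[1]

def router_protect(src, proto, dport):
    """Return the action the lo0 input filter takes for one packet."""
    if term1_matches(src, proto, dport):
        return "discard"          # term 1: SSH from anyone not excepted
    return "accept"               # term catch: everything else

# Constructed sample packets: a management host, a stranger on SSH,
# a stranger on BGP, and a stranger sending UDP to port 22.
SAMPLE_PACKETS = [
    ("1.2.3.4", "tcp", 22),
    ("198.51.100.7", "tcp", 22),
    ("198.51.100.7", "tcp", 179),
    ("198.51.100.7", "udp", 22),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", router_protect(*pkt))
```

Because `term catch` accepts everything else, this filter shields only SSH; any other service listening on the routing engine stays reachable from all sources.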