[j-nsp] SSH attack

Dan Goscomb dang at goscomb.net
Wed Feb 20 18:16:32 EST 2008


Firewall the interface on lo0 is the best way ;)


interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input router-protect;
                }
	    }
        }
    }
}

firewall {
filter router-protect {
    term 1 {
        from {
            source-address {
                0.0.0.0/0;
                1.2.3.4/32 except;
                2.3.4.5/32 except;
            }
            protocol tcp;
            destination-port ssh;
        }
        then {
            discard;
        }
    }
    term catch {
        then accept;
    }
}
}

On Wed, 2008-02-20 at 16:15 -0400, Ying Zhang wrote:
> Hello, all,
> 
> On our Juniper router, we constantly see people trying to connect through SSH. I've tried everything I can find to eliminate it. The following is what I've done so far. Just wondering if there is a better way to stop it on the router (we do block port ssh on every link). Thanks in advance.
> 
> root-login deny;
> protocol-version v2;
> connection-limit 5;
> rate-limit 1;
> 
> retry-options {
>     tries-before-disconnect 2;
>     backoff-threshold 2;
>     backoff-factor 10;
>     minimum-time 20;
> }
> 
> 
> C
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list