[j-nsp] SSH attack

Chris Morrow morrowc at ops-netman.net
Wed Feb 20 18:17:45 EST 2008


how about you just put a firewall filter on your loopback interface and 
only permit YOU to ssh to YOUR devices as opposed to 'everyone' ?

On Wed, 20 Feb 2008, Ying Zhang wrote:

> Hello, all,
>
> On our Juniper router, we constantly see people trying to connect through SSH. I've tried everything I can find to eliminate it. The following is what I've done so far. Just wondering if there is a better way to stop it on the router (we do block port ssh on every link). Thanks in advance.
>
> root-login deny;
> protocol-version v2;
> connection-limit 5;
> rate-limit 1;
>
> retry-options {
>    tries-before-disconnect 2;
>    backoff-threshold 2;
>    backoff-factor 10;
>    minimum-time 20;
> }
>
>
> C
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list