[j-nsp] SSH attack

Keegan.Holley at sungard.com Keegan.Holley at sungard.com
Wed Feb 20 18:34:57 EST 2008


You should also include other common services in the filter such as SNMP, 
BGP, telnet, or use a default deny and permit as needed.
Dan Goscomb <dang at goscomb.net> 
Sent by: juniper-nsp-bounces at puck.nether.net
02/20/08 06:20 PM

To
Ying Zhang <cynthia_dal at yahoo.ca>
cc
juniper-nsp at puck.nether.net
Subject
Re: [j-nsp] SSH attack
Firewalling the interface on lo0 is the best way ;)


interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input router-protect;
                }
            }
        }
    }
}

firewall {
    filter router-protect {
        /* Drop SSH from everywhere except the two management hosts */
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                    1.2.3.4/32 except;
                    2.3.4.5/32 except;
                }
                protocol tcp;
                destination-port ssh;
            }
            then {
                discard;
            }
        }
        /* Everything else is still accepted by the RE */
        term catch {
            then accept;
        }
    }
}

On Wed, 2008-02-20 at 16:15 -0400, Ying Zhang wrote:
> Hello, all,
> 
> On our Juniper router, we constantly see people trying to connect 
> through SSH. I've tried everything I can find to eliminate it. The 
> following is what I've done so far. Just wondering if there is a better 
> way to stop it on the router (we do block port ssh on every link). Thanks 
> in advance.
> 
> root-login deny;
> protocol-version v2;
> connection-limit 5;
> rate-limit 1;
> 
> retry-options {
>     tries-before-disconnect 2;
>     backoff-threshold 2;
>     backoff-factor 10;
>     minimum-time 20;
> }
> 
> 
> C

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
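The default-deny variant of Dan's lo0 filter that Keegan's reply asks for, written here as an added example (not configuration from either poster): only SSH from the management hosts, BGP from the peer range, SNMP from the NMS and ICMP reach the Routing Engine; everything else, telnet included, is counted, logged and discarded. The addresses are constructed placeholders, and the filter is applied to lo0 exactly as in the interfaces stanza above.

```junos
firewall {
    family inet {
        filter router-protect {
            /* Constructed placeholder addresses; replace with the real
               management hosts, BGP peers and NMS. */
            term ssh-from-mgmt {
                from {
                    source-address { 1.2.3.4/32; 2.3.4.5/32; }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            term bgp-from-peers {
                from {
                    source-address { 192.0.2.0/24; }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            term snmp-from-nms {
                from {
                    source-address { 198.51.100.10/32; }
                    protocol udp;
                    destination-port snmp;
                }
                then accept;
            }
            term icmp {
                from { protocol icmp; }
                then accept;
            }
            /* Default deny: anything not permitted above (telnet, and SSH
               from untrusted sources) is counted, logged and dropped. Add a
               term for every other protocol the RE must accept (OSPF, NTP,
               DNS, return traffic of router-initiated sessions, ...) before
               applying this to lo0. */
            term default-deny {
                then {
                    count router-protect-denied;
                    syslog;
                    discard;
                }
            }
        }
    }
}
```

Apply it with `commit confirmed` so a forgotten protocol cannot lock you out of the router, and watch the `router-protect-denied` counter to see what the default-deny term is catching.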