[j-nsp] SSH attack
Ball, Charles
charles.ball at qwest.com
Thu Feb 21 11:52:39 EST 2008
Ying,
With:
connection-limit 5
I would be concerned that an attacker could flood all of your SSH connections with bogus login attempts and make logging into your box difficult.
If you do not implement the FWF, you may consider increasing the connection-limit.
Charles
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net on behalf of Ying Zhang
Sent: Wed 2/20/2008 1:15 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SSH attack
Hello, all,
On our Juniper router, we constantly see people trying to connect through SSH. I've tried everything I can find to eliminate it. The following is what I've done so far. Just wondering if there is a better way to stop it on the router (we do block port ssh on every link). Thanks in advance.
root-login deny;
protocol-version v2;
connection-limit 5;
rate-limit 1;
retry-options {
    tries-before-disconnect 2;
    backoff-threshold 2;
    backoff-factor 10;
    minimum-time 20;
}
C
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
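An added example, not part of either message in this thread: a Junos loopback filter of the kind the reply appears to mean by "FWF" (read here as "firewall filter", which is an assumption). It keeps unsolicited SSH connections from ever reaching the routing engine, so they cannot occupy the slots counted by connection-limit. The filter name protect-re, the prefix-list name mgmt-hosts, and the documentation prefix 192.0.2.0/24 are placeholders, and only IPv4 is covered.

```junos
policy-options {
    /* Placeholder: replace with the prefixes you actually manage the router from */
    prefix-list mgmt-hosts {
        192.0.2.0/24;
    }
}
firewall {
    family inet {
        filter protect-re {
            /* SSH from management hosts is allowed through to sshd */
            term ssh-from-mgmt {
                from {
                    source-prefix-list {
                        mgmt-hosts;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Any other SSH is dropped before it can use a connection-limit slot */
            term ssh-from-anywhere-else {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then discard;
            }
            /* This sketch filters SSH only; all other traffic is left as it was */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

Applying this with commit confirmed lets the router roll back on its own if the prefix list turns out to exclude your own session.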