[j-nsp] SSH attack

Daniel Roesen dr at cluenet.de
Thu Feb 21 14:30:33 EST 2008


Hi,


On Wed, Feb 20, 2008 at 04:15:04PM -0400, Ying Zhang wrote:
> On our Juniper router, we constantly see people trying to connect
> through SSH. I've tried everything I can find to eliminate it.

Aside from all the other good advice to filter on lo0 (RE), it
would be _really_ nice if we could configure the listener port
of the SSH service...

set system services ssh port 1234

Trivial feature, but great relief for folks who standardised all
their SSH daemons on hosts to listen on a different port than 22
(and the SSH clients everywhere configured to use this other port
as default via /etc/ssh_config). It's really tedious to always
type "ssh -p 22" and "scp -P 22" when accessing network devices.

Simple feature, great gain.

No, I have no $10M revenue to attach to that idea. :)


Best regards,
Daniel

-- 
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0

