[j-nsp] SSH_Brute_Force events
Harri Makela
harri_makela at yahoo.com
Thu Apr 5 18:09:50 EDT 2012
Hi Guys
We are getting "SSH_Brute_Force" alerts quite often from our Intrusion prevention systems (IPS) - ISS GX.
Issue Description: We have detected SSH_Brute_Force events sourcing from external IP x.x.x.x targeting multiple internal IPs. This is probably an attempt to gain access to SSH enabled servers.
What could be the best practices to handle these alerts? E.g.:
Change the SSH port system-wide from 22 to 10022?
Report to the ISP so that it contacts the customer, which is really not a practical solution?
Any advice will be highly appreciated. I myself am new to this and am trying to document the process.
Thanks in advance
HM