[j-nsp] SSH access and not working firewall policy
Robert Hass
robhass at gmail.com
Sun Aug 12 15:07:07 EDT 2012
Hi
I have a Juniper running 10.4R7 with an RE filter applied to lo0, but I
still see brute-force attacks on my SSH in the log messages.
I tested the policy from hosts not in the MGMT ACL and I cannot connect
to SSH, so how can these attackers connect to my SSH?
Any hints? Maybe I also have to filter more ports?
Rob
My configuration:
/* Enclosing interfaces and firewall stanzas restored; the post showed only their contents. */
interfaces {
    lo0 {
        unit 0 {
            family inet {
                no-redirects;
                primary;
                filter {
                    input RE;
                }
                address 10.0.0.1/32;
            }
        }
    }
}
policy-options {
    prefix-list MGMT {
        10.3.0.0/24;
        10.4.0.0/24;
    }
}
firewall {
    family inet {
        filter RE {
            /* Management hosts may reach telnet/ssh on the RE. */
            term cli_permit {
                from {
                    prefix-list {
                        MGMT;
                    }
                    protocol tcp;
                    destination-port [ telnet ssh ];
                }
                then {
                    count cli_permit;
                    accept;
                }
            }
            /* Everyone else is counted, logged and discarded; these are the log entries. */
            term cli_deny {
                from {
                    protocol tcp;
                    destination-port [ telnet ssh ];
                }
                then {
                    count cli_deny;
                    log;
                    discard;
                }
            }
            /* Anything that is not tcp/telnet or tcp/ssh is accepted unfiltered. */
            term default_action {
                then accept;
            }
        }
    }
}
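To see which term a given packet lands in, here is an added first-match simulator of the RE filter above (example code, not from the original post or from Junos). It also shows that the `log` action on `cli_deny` records attempts that the term discards, and that ports outside telnet/ssh fall through to `default_action`; the packet dictionary layout and the sample addresses are assumptions.

```python
# Added example, not from the original post: a first-match simulator for the RE
# filter above. MGMT and the terms are copied from that configuration; the
# packet dictionaries are constructed samples.
import ipaddress

MGMT = [ipaddress.ip_network(p) for p in ("10.3.0.0/24", "10.4.0.0/24")]
CLI_PORTS = {23, 22}  # telnet, ssh

def in_mgmt(src: str) -> bool:
    """True if src falls inside the MGMT prefix-list."""
    return any(ipaddress.ip_address(src) in net for net in MGMT)

def is_cli(pkt: dict) -> bool:
    """Match 'protocol tcp; destination-port [ telnet ssh ];'."""
    return pkt["proto"] == "tcp" and pkt["dport"] in CLI_PORTS

# (term name, match predicate, then-action, whether 'log' is set), in config order
TERMS = [
    ("cli_permit", lambda p: in_mgmt(p["src"]) and is_cli(p), "accept", False),
    ("cli_deny", is_cli, "discard", True),
    ("default_action", lambda p: True, "accept", False),
]

def evaluate(pkt: dict) -> tuple:
    """Return (term, action, logged) for the first term that matches pkt."""
    for name, match, action, logged in TERMS:
        if match(pkt):
            return name, action, logged
    raise AssertionError("default_action matches every packet")

def summarize(packets: list) -> dict:
    """Count packets per (term, action) the way the 'count' statements do."""
    counts = {}
    for pkt in packets:
        term, action, _ = evaluate(pkt)
        counts[(term, action)] = counts.get((term, action), 0) + 1
    return counts

# Constructed samples: one MGMT admin, one outside SSH probe, two non-CLI flows
SAMPLES = [
    {"src": "10.3.0.5", "proto": "tcp", "dport": 22},      # admin -> cli_permit
    {"src": "203.0.113.9", "proto": "tcp", "dport": 22},   # probe -> cli_deny, logged
    {"src": "203.0.113.9", "proto": "udp", "dport": 161},  # SNMP -> default_action
    {"src": "203.0.113.9", "proto": "tcp", "dport": 830},  # NETCONF -> default_action
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(pkt))
    print(summarize(SAMPLES))
```

The outside SSH probe is discarded by `cli_deny` and never reaches sshd, yet `log` still records it; the NETCONF and SNMP samples show what the filter leaves open.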