[j-nsp] SSH - Firewall Filter - MX80

Samol molasian at gmail.com
Tue Jun 4 22:49:56 EDT 2013


Dear All,

We are having problems with filtering ssh access to our MX80 box. Many
thanks in advance for your assistance.

The problem is kind of weird. There are a few random IP addresses which
should be blocked by the firewall filter but have established ssh connections
to our MX80, while most other IPs (our tested IPs) from the Internet trying
to ssh are silently dropped (no log) by this firewall filter on the loopback 0
interface.


show configuration firewall family inet filter limit-mgmt-access
term permit-ssh-ssl {
    from {
        source-address {
            E.F.G.H/20;
        }
        protocol tcp;
        destination-port [ ssh http https telnet ];
    }
    then accept;
}
term deny-all-other-ssl-ssh {
    from {
        protocol tcp;
        destination-port [ ssh http https telnet ];
    }
    then {
        discard;
    }
}
term default {
    then accept;
}

-------------------------------

show configuration interfaces lo0
unit 0 {
    family inet {
        filter {
            input limit-mgmt-access;
        }
        address W.X.Y.Z/32 {
            primary;
            preferred;
        }
    }
}

--------------------------------------

Jun  4 14:48:53 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'nagios' from host 'A.B.C.D'
Jun  4 14:48:53  R1 sshd[77836]: Failed password for nagios from A.B.C.D port 37231 ssh2
Jun  4 14:48:54  R1 sshd[77837]: Received disconnect from A.B.C.D: 11: Bye Bye
Jun  4 14:48:54  R1 inetd[1224]: /usr/sbin/sshd[77836]: exited, status 255
Jun  4 14:48:57  R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'student' from host 'A.B.C.D'
Jun  4 14:49:06  R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'tom' from host 'A.B.C.D'
Jun  4 14:49:06  R1 sshd[77844]: Failed password for tom from A.B.C.D port 38247 ssh2
Jun  4 14:49:07  R1 sshd[77845]: Received disconnect from A.B.C.D: 11: Bye Bye
Jun  4 14:49:07  R1 inetd[1224]: /usr/sbin/sshd[77844]: exited, status 255
Jun  4 14:49:10  R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'public' from host 'A.B.C.D'
Jun  4 14:49:10  R1 sshd[77846]: Failed password for public from A.B.C.D port 38511 ssh2
Jun  4 14:49:10  R1 sshd[77847]: Received disconnect from A.B.C.D: 11: Bye Bye
Jun  4 14:49:10  R1 inetd[1224]: /usr/sbin/sshd[77846]: exited, status 255

Regards,
Samol
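
An added example (not part of the original post): a Python audit of the sshd syslog format shown above that reports failed logins which reached sshd from sources outside the prefix permitted by limit-mgmt-access, rejoining mail-wrapped records first. The prefix 172.16.0.0/20, the sample addresses and the function names are assumptions standing in for the redacted values.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: stands in for the redacted E.F.G.H/20 in term permit-ssh-ssl.
PERMITTED = [ipaddress.ip_network("172.16.0.0/20")]
TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s")
FAILED = re.compile(r"SSHD_LOGIN_FAILED: Login failed for user '([^']*)' from host '([^']+)'")

# Constructed sample in the format shown in the post, including mail-wrapped lines.
SAMPLE = """\
Jun  4 14:48:53 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'nagios'
from host '192.0.2.77'
Jun  4 14:48:53  R1 sshd[77836]: Failed password for nagios from 192.0.2.77
port 37231 ssh2
Jun  4 14:48:57  R1 sshd: SSHD_LOGIN_FAILED: Login failed for user
'student' from host '192.0.2.77'
Jun  4 14:50:01  R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'noc' from host '172.16.3.9'
Jun  4 14:50:09  R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'x' from host 'bad-host'
"""

def unwrap(text):
    """Rejoin records that a mail client or terminal wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def unexpected_sources(text, permitted=PERMITTED):
    """Map each source outside the permitted prefixes to the usernames it tried."""
    hits = defaultdict(list)
    for m in filter(None, map(FAILED.search, unwrap(text))):
        user, host = m.groups()
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            hits[host].append(user)  # not an IP literal: cannot be matched, so report it
            continue
        if not any(addr.version == n.version and addr in n for n in permitted):
            hits[str(addr)].append(user)
    return dict(hits)

if __name__ == "__main__":
    for src, users in unexpected_sources(SAMPLE).items():
        print(f"{src}: {len(users)} failed logins reached sshd, users tried: {users}")
```

Only the SSHD_LOGIN_FAILED event is counted, since the "Failed password" line that follows it records the same attempt.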

