Hi

I have Juniper running 10.4R7 with RE filter applied to lo.0 but I
still see bruteforce attacks to my SSH in log messages.

I tested policy from hosts not existing in MGMT ACL - I cannot connect
to SSH, so how these attackers can connect to my SSH ?
Any hints ? Maybe I also have to filter more ports ?

Rob

My configuration:

lo0 {
    unit 0 {
        family inet {
            no-redirects;
            primary;
            filter {
                input RE;
            }
            address 10.0.0.1/32
        }

    }
}
policy-options {
    prefix-list
        MGMT {
            10.3.0.0/24;
            10.4.0.0/24;
        }
    }
}
filter RE {
    term cli_permit {
        from {
            prefix-list {
                MGMT;
            }
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_permit;
            accept;
        }
    }
    term cli_deny {
        from {
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_deny;
            log;
            discard;
        }
    }
    term default_action {
        then accept;
    }
}
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Reply via email to