Mailing List Archive: nsp: juniper
SSH access and not working firewall policy
 



robhass at gmail

Aug 12, 2012, 12:07 PM



Hi

I have a Juniper running 10.4R7 with an RE filter applied to lo0.0, but I
still see brute-force attacks against my SSH in the log messages.

I tested the policy from hosts not in the MGMT ACL - I cannot connect
to SSH, so how can these attackers connect to my SSH?
Any hints? Maybe I also have to filter more ports?

Rob

My configuration:

lo0 {
    unit 0 {
        family inet {
            no-redirects;
            primary;
            filter {
                input RE;
            }
            address 10.0.0.1/32;
        }
    }
}
policy-options {
    prefix-list MGMT {
        10.3.0.0/24;
        10.4.0.0/24;
    }
}
filter RE {
    /* telnet/ssh from the MGMT prefix-list: count and accept */
    term cli_permit {
        from {
            prefix-list {
                MGMT;
            }
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_permit;
            accept;
        }
    }
    /* telnet/ssh from any other source: count, log and discard */
    term cli_deny {
        from {
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_deny;
            log;
            discard;
        }
    }
    /* everything else is accepted */
    term default_action {
        then accept;
    }
}
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp
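
One way to narrow down the question in the post, as an added example that is not part of the original message: take the source address of each failed SSH login from the log and report which term of filter RE that address would hit. The log lines are constructed, the OpenSSH-style message format on the router is an assumption, and the names classify, audit and SAMPLE are hypothetical.

```python
import ipaddress
import re

# Prefixes copied from the MGMT prefix-list in the post.
MGMT = [ipaddress.ip_network(p) for p in ("10.3.0.0/24", "10.4.0.0/24")]

# OpenSSH-style failure line; the exact syslog prefix on the router is assumed.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def classify(src):
    """Name the term of filter RE that an SSH packet from src would hit."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparsed"
    if addr.version != 4:
        return "not-evaluated"  # filter RE is applied under family inet only
    if any(addr in net for net in MGMT):
        return "cli_permit"
    return "cli_deny"

def audit(lines):
    """Return {term: sorted source addresses} for the failed logins in lines."""
    result = {}
    for line in lines:
        match = FAILED.search(line)
        if match:
            src = match.group(2)
            result.setdefault(classify(src), set()).add(src)
    return {term: sorted(srcs) for term, srcs in result.items()}

# Constructed sample log lines using documentation addresses, not from the post.
SAMPLE = [
    "Aug 12 09:01:11 router sshd[4211]: Failed password for root from 198.51.100.23 port 51844 ssh2",
    "Aug 12 09:01:15 router sshd[4213]: Failed password for invalid user admin from 198.51.100.23 port 51850 ssh2",
    "Aug 12 09:02:40 router sshd[4220]: Failed password for rob from 10.3.0.17 port 40022 ssh2",
    "Aug 12 09:03:02 router sshd[4225]: Failed password for root from 2001:db8::5 port 33012 ssh2",
    "Aug 12 09:03:30 router sshd[4230]: Accepted password for rob from 10.4.0.9 port 40100 ssh2",
]

if __name__ == "__main__":
    for term, sources in sorted(audit(SAMPLE).items()):
        print(term, sources)
```

Addresses reported under cli_deny reached sshd although the posted term would discard them, so they are worth comparing against the cli_deny counter and the filter log on the router.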
