Hi,

I have a Juniper running 10.4R7 with an RE filter applied to lo0.0, but I still see brute-force attacks on my SSH in the log messages.

I tested the policy from hosts not in the MGMT ACL and I cannot connect to SSH, so how can these attackers connect to my SSH? Any hints? Maybe I also have to filter more ports?

Rob

My configuration:

    lo0 {
        unit 0 {
            family inet {
                no-redirects;
                primary;
                filter {
                    input RE;
                }
                address 10.0.0.1/32;
            }
        }
    }
    policy-options {
        prefix-list MGMT {
            10.3.0.0/24;
            10.4.0.0/24;
        }
    }
    filter RE {
        term cli_permit {
            from {
                prefix-list {
                    MGMT;
                }
                protocol tcp;
                destination-port [ telnet ssh ];
            }
            then {
                count cli_permit;
                accept;
            }
        }
        term cli_deny {
            from {
                protocol tcp;
                destination-port [ telnet ssh ];
            }
            then {
                count cli_deny;
                log;
                discard;
            }
        }
        term default_action {
            then accept;
        }
    }
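Added example, not part of the original post and not Juniper code: a simplified Python model of the first-match term evaluation in the RE filter above, for checking which term a given IPv4 packet hits. The packet dictionaries and the sample source addresses (192.0.2.50, 10.3.0.25) are constructed; the model assumes IPv4 only and covers only the match conditions used in the posted filter.

```python
from ipaddress import ip_address, ip_network

# Prefix list and ports taken from the posted configuration.
MGMT = [ip_network("10.3.0.0/24"), ip_network("10.4.0.0/24")]
CLI_PORTS = {22, 23}  # ssh, telnet


def in_mgmt(addr):
    """True if addr falls inside any MGMT prefix."""
    return any(ip_address(addr) in net for net in MGMT)


def is_cli(p):
    return p["proto"] == "tcp" and p["dport"] in CLI_PORTS


# Terms in configuration order: (name, match predicate, terminating action).
TERMS = [
    # The Junos "prefix-list" match condition compares the list against the
    # source OR destination address ("source-prefix-list" is source only).
    ("cli_permit",
     lambda p: is_cli(p) and (in_mgmt(p["src"]) or in_mgmt(p["dst"])),
     "accept"),
    ("cli_deny", is_cli, "discard"),
    ("default_action", lambda p: True, "accept"),
]


def evaluate(packet):
    """Return (term, action) for the first term whose conditions match."""
    for name, match, action in TERMS:
        if match(packet):
            return name, action
    return None, "discard"  # implicit discard when no term matches


# Constructed sample packets addressed to the loopback 10.0.0.1.
SAMPLES = [
    {"src": "10.3.0.25", "dst": "10.0.0.1", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.50", "dst": "10.0.0.1", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.50", "dst": "10.0.0.1", "proto": "tcp", "dport": 179},
    {"src": "192.0.2.50", "dst": "10.0.0.1", "proto": "udp", "dport": 161},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(pkt))
```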