Alexander Arseniev writes: >Someone is brute-forcing Your router password, and that is very common >nowadays. Good loopback filter would prevent this.
Amen to this and all your other points, esp re: avoiding telnet in favor of ssh. Also you can use "system services ssh no-passwords;" to prevent password use under ssh, but this _requires_ that you have ssh keys installed for every user under [system login user authentication]. You'll still get connections, which can be blocked using filters, but you can sleep better at night knowing that brute force password attacks will fail (after you delete telnet/ftp/etc). Passwords continue to function on the console and for non-ssh protocols. Thanks, Phil _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp