Re: [j-nsp] SSH access and not working firewall policy

2012-08-12 Thread Chris Kawchuk
One possibility - They're coming from inside your own network =)

What are the source IPs on the attempts, and what device is this (EX? MX? J? QFabric?)

- CK.

On 2012-08-13, at 5:07 AM, Robert Hass wrote:

> Hi
> 
> I have Juniper running 10.4R7 with RE filter applied to lo.0 but I
> still see bruteforce attacks to my SSH in log messages.
> 
> .


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] SSH access and not working firewall policy

2012-08-12 Thread George Carey

On Aug 12, 2012, at 3:07 PM, Robert Hass wrote:

> Hi
> 
> I have Juniper running 10.4R7 with RE filter applied to lo.0 but I
> still see bruteforce attacks to my SSH in log messages.
> 
> I tested the policy from hosts not in the MGMT ACL - I cannot connect
> to SSH, so how can these attackers connect to my SSH?
> Any hints? Maybe I also have to filter more ports?
> 
> Rob
> 
> My configuration:
> 
> lo0 {
>     unit 0 {
>         family inet {
>             no-redirects;
>             primary;
>             filter {
>                 input RE;
>             }
>             address 10.0.0.1/32;
>         }
>     }
> }
> policy-options {
>     prefix-list MGMT {
>         10.3.0.0/24;
>         10.4.0.0/24;
>     }
> }
> filter RE {
>     term cli_permit {
>         from {
>             prefix-list {
>                 MGMT;
>             }
>             protocol tcp;
>             destination-port [ telnet ssh ];
>         }
>         then {
>             count cli_permit;
>             accept;
>         }
>     }
>     term cli_deny {
>         from {
>             protocol tcp;
>             destination-port [ telnet ssh ];
>         }
>         then {
>             count cli_deny;
>             log;
>             discard;
>         }
>     }
>     term default_action {
>         then accept;
>     }
> }


For some reason (have to admit I forget exactly why) I ended up doing it this 
way on 9.6, not sure if it is helpful for 10.4 or not.

filter protect-router {
    term 10-ssh {
        from {
            source-address {
                0.0.0.0/0;
            }
            source-prefix-list {
                trusted-networks except;
            }
            protocol tcp;
            destination-port ssh;
        }
        then {
            discard;
        }
    }
}

George Carey




[j-nsp] SSH access and not working firewall policy

2012-08-12 Thread Robert Hass
Hi

I have Juniper running 10.4R7 with RE filter applied to lo.0 but I
still see bruteforce attacks to my SSH in log messages.

I tested the policy from hosts not in the MGMT ACL - I cannot connect
to SSH, so how can these attackers connect to my SSH?
Any hints? Maybe I also have to filter more ports?

Rob

My configuration:

lo0 {
    unit 0 {
        family inet {
            no-redirects;
            primary;
            filter {
                input RE;
            }
            address 10.0.0.1/32;
        }
    }
}
policy-options {
    prefix-list MGMT {
        10.3.0.0/24;
        10.4.0.0/24;
    }
}
filter RE {
    term cli_permit {
        from {
            prefix-list {
                MGMT;
            }
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_permit;
            accept;
        }
    }
    term cli_deny {
        from {
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_deny;
            log;
            discard;
        }
    }
    term default_action {
        then accept;
    }
}
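As an added triage example (not part of the thread), a Python script that does what Chris's reply asks for: pull the source IPs out of the SSH login-failure messages and check them against the MGMT prefix-list from Rob's configuration. A source inside MGMT is accepted by cli_permit, so failures from there are expected to reach sshd; a source outside it should have been discarded by cli_deny before sshd saw it. The log lines are constructed, and the SSHD_LOGIN_FAILED and OpenSSH "Failed password" message formats are assumptions.

```python
import re
import ipaddress
from collections import Counter

# The MGMT prefix-list from the posted configuration.
MGMT = [ipaddress.ip_network(p) for p in ("10.3.0.0/24", "10.4.0.0/24")]

# Two SSH login-failure formats (assumed): the Junos SSHD_LOGIN_FAILED tag
# and the OpenSSH "Failed password" line.
PATTERNS = (
    re.compile(r"SSHD_LOGIN_FAILED: Login failed for user '[^']*' from host '([\d.]+)'"),
    re.compile(r"Failed password for (?:invalid user )?\S+ from ([\d.]+) port \d+"),
)


def failed_login_sources(lines):
    """Count SSH login-failure messages per source IP; other lines are ignored."""
    hits = Counter()
    for line in lines:
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                hits[m.group(1)] += 1
                break
    return hits


def classify(sources):
    """Split sources into those inside MGMT (cli_permit accepts them, so sshd sees
    them) and those outside it (cli_deny should have discarded them first)."""
    inside, outside = {}, {}
    for ip, count in sources.items():
        addr = ipaddress.ip_address(ip)
        bucket = inside if any(addr in net for net in MGMT) else outside
        bucket[ip] = count
    return inside, outside


# Constructed sample syslog lines, not taken from the original post.
SAMPLE_LOG = """\
Aug 12 14:55:01 rtr sshd[5678]: SSHD_LOGIN_FAILED: Login failed for user 'root' from host '10.3.0.77'
Aug 12 14:55:03 rtr sshd[5678]: SSHD_LOGIN_FAILED: Login failed for user 'admin' from host '10.3.0.77'
Aug 12 14:55:09 rtr sshd[5690]: Failed password for invalid user test from 203.0.113.9 port 40112 ssh2
Aug 12 14:55:10 rtr mgd[1200]: UI_LOGIN_EVENT: User 'rob' login, class 'super-user'
""".splitlines()

if __name__ == "__main__":
    inside, outside = classify(failed_login_sources(SAMPLE_LOG))
    print("inside MGMT, permitted by cli_permit:", inside)
    print("outside MGMT, should have hit cli_deny:", outside)
```

Anything that lands in the "outside" bucket means the filter is not doing what the terms say; anything in the "inside" bucket is a host the filter deliberately lets through.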


Re: [j-nsp] How to restart a JUNOS process using Shell and CRONTAB

2012-08-12 Thread GIULIANO (WZTECH)

Looks like it is better to use event-options:

set event-options generate-event TestEvent time-of-day "09:05:00 -0300"
set event-options policy Policy1 events TestEvent
set event-options policy Policy1 then execute-commands commands "run restart firewall"

set event-options policy Policy1 then execute-commands output-filename test1
set event-options policy Policy1 then execute-commands destination local-directory

set event-options destinations local-directory archive-sites /var/tmp/



[j-nsp] How to restart a JUNOS process using Shell and CRONTAB

2012-08-12 Thread GIULIANO (WZTECH)

Hi everyone,

Does anyone know how to restart a JUNOS process using Shell and CRONTAB ?

Do we need to create some kind of shell script to do that ?

This seems not to be working for me:

ps -ax | grep dfwd
 1146  ??  I  0:00.27 /usr/sbin/dfwd -N
kill -s HUP 1146

Does anyone use the CRONTAB for that?

Thanks a lot,

Giuliano