-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of Stephane JAUNE
Sent: Wednesday, February 02, 2011 10:50 AM
To: 'Juniper-Nsp'
Subject: [j-nsp] EX2200 series and q-in-q (802.1ad)
Hi all,
Does
On Fri, Apr 01, 2011 at 08:23:31PM -0400, Jesus Alvarez wrote:
Is there a way to change the SSH port for managing the EX switches and M
routers? We normally avoid using the standard port 22.
No. I've been asking for that feature since... hm, around 2003 or
so.
Probably no customer demand. :-)
On Sat, Apr 02, 2011 at 02:14:12PM +0200, Daniel Roesen wrote:
On Fri, Apr 01, 2011 at 08:23:31PM -0400, Jesus Alvarez wrote:
Is there a way to change the SSH port for managing the EX switches and M
routers? We normally avoid using the standard port 22.
No. I've been asking for that
On 02.04.2011 14:22, Chuck Anderson wrote:
I wonder if you could create an /etc/ssh/sshd_config file and set the
port number in there...
Not exactly, because the sshd is started by inetd - you can as root
change that file - but you have to ensure it doesn't get changed
by mgd. So a cron script
No, I've been asking for this feature. :)
Thanks for your answer.
It should be trivial to implement a configurable SSH port in the Junos
firmware and this would help in securing the router. Practically all
scanners attempt SSH logins when port 22 is available but very few check
all
Not exactly, because the sshd is started by inetd - you can as
root change that file - but you have to ensure it doesn't get
changed by mgd. So a cron script checking for what is in there
once an hour does the trick..
Thanks for your answer. That sounds like a clever workaround.
Are the
You should probably think about doing IP-based filtering on your management
networks. It's going to guarantee a drop in random port scans/login
attempts vs obfuscating the listen port of ssh.
Scott
On Sat, Apr 2, 2011 at 11:13 AM, Jesus Alvarez jalva...@prw.net wrote:
No, I've been asking
Hello all,
Is anyone running MS products through SRX firewalls? How are you getting RPC to
work? According to engineering, the ScreenOS ms-rpc-any isn't included in
JUNOS, although, I do see the ALG catching the info based off of endpoint
mapper sessions. Add to that the fact that MS changed
I've got two sets of SRX3400 clusters, and the ALGs should come with:
caveat emptor.
Nice on paper and very similar to Linux conntrack modules, but in reality
the rule of thumb is it's better to have them disabled.
In the case of Microsoft, their technical papers will say your firewall
should
Agreed. ALGs seem to always cause headaches. Turn them off and pretend they
don't exist and you'll be better off. (Think of them like that crazy guy/girl
you wanted to date in High School... Same thing really.)
On Apr 2, 2011, at 4:38 PM, Scott T. Cameron wrote:
I've got two sets of SRX3400
10 matches
Mail list logo
