Hi,
On Fri, Feb 22, 2008 at 10:26:31AM +0500, Iftikhar Ahmed wrote:
* set system services ssh port 1234*
is not working..
That's my point. :-) I am looking for this option... it was an
example of how it could look like.
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: [EMAIL
Subject: Re: [j-nsp] SSH attack
Hi,
On Fri, Feb 22, 2008 at 10:26:31AM +0500, Iftikhar Ahmed wrote:
* set system services ssh port 1234*
is not working..
That's my point. :-) I am looking for this option... it was an
example of how it could look like.
Best regards,
Daniel
On Fri, Feb 22, 2008 at 03:36:47PM -0400, Ying Zhang wrote:
Hehe, that was my first thought when I tried to solve it, obviously not
available on JUNOS.
Same goes for IOS btw.
ip ssh port does exist, but means something different to what one
would expect (it's for reverse SSH to async lines
Thank you all for the kind reply. I will test it in the lab.
- Original Message -
From: Ying Zhang [EMAIL PROTECTED]
To: juniper-nsp@puck.nether.net
Sent: Wednesday, February 20, 2008 4:15 PM
Subject: [j-nsp] SSH attack
Hello, all,
On our Juniper router, we constantly see people
Hi,
On Wed, Feb 20, 2008 at 04:15:04PM -0400, Ying Zhang wrote:
On our Juniper router, we constantly see people trying to connect
through SSH. I've tried everything I can find to eliminate it.
Aside from all the other good advise to filter on lo0 (RE), it
would be _really_ nice if we could
Hi,
* set system services ssh port 1234*
is not working..
Regards,
Iftikhar Ahmed
On Fri, Feb 22, 2008 at 12:30 AM, Daniel Roesen [EMAIL PROTECTED] wrote:
Hi,
On Wed, Feb 20, 2008 at 04:15:04PM -0400, Ying Zhang wrote:
On our Juniper router, we constantly see people trying to
Hello, all,
On our Juniper router, we constantly see people trying to connect through SSH.
I've tried everything I can find to eliminate it. The following is what I've
done so far. Just wondering if there is a better way to stop it on the router
(we do block port ssh on every link). Thanks in
Subject: [j-nsp] SSH attack
Hello, all,
On our Juniper router, we constantly see people trying to connect
through SSH. I've tried everything I can find to eliminate it. The
following is what I've done so far. Just wondering if there is a better
way to stop it on the router (we do block port ssh
On Wed, Feb 20, 2008 at 04:15:04PM -0400, Ying Zhang wrote:
Hello, all,
On our Juniper router, we constantly see people trying to connect through
SSH. I've tried everything I can find to eliminate it. The following is what
I've done so far. Just wondering if there is a better way to stop
On Wed, Feb 20, 2008 at 04:15:04PM -0400, Ying Zhang wrote:
Hello, all,
On our Juniper router, we constantly see people trying to connect
through SSH. I've tried everything I can find to eliminate it. The
following is what I've done so far. Just wondering if there is a
better way to stop
You should also include other common services in the filter such as SNMP,
BGP, telnet, or use a default deny and permit as needed.
Dan Goscomb [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
02/20/08 06:20 PM
To
Ying Zhang [EMAIL PROTECTED]
cc
juniper-nsp@puck.nether.net
Subject
Re: [j-nsp
I recommend reading this:
http://www.cymru.com/gillsr/documents/junos-template.htm
There are lots of other useful templates at http://www.cymru.com/.
Stephen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
On Thursday 21 February 2008, Chuck Anderson wrote:
Instead of blocking SSH on every link, block it on lo0.
Firewall filters applied to the lo0 interface are applied
to the Routing Engine itself. Be careful if you apply
filters here--be sure to allow any routing protocols into
the Routing
13 matches
Mail list logo