EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Tuesday 26 November 2024, 10:30:52 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
SSH attacks not being blocked.
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: SSH attacks not being blocked. (Read 12294 times)
sarconastic
Jr. Member
Offline
Gender:
Posts: 3
SSH attacks not being blocked.
«
on:
Sunday 30 November 2008, 10:57:32 am »
I was reviewing my logs and found the following in the logs.
Local User logins:
sshd:
Authentication Failures:
unknown (87.248.128.10): 290 Time(s)
Invalid Users:
Unknown Account: 290 Time(s)
SSHD:
Failed logins from:
87.248.128.10: 150 times
219.149.153.6: 107 times
Illegal users from:
87.248.128.10: 2974 times
219.149.153.6: 80 times
Login attempted when not in AllowUsers list:
mail : 1 Time(s)
sshd : 1 Time(s)
Received disconnect:
11: Bye Bye : 3019 Time(s)
Intrusion detection is on, but it is apparently not blocking the offending IP's I looked in the SNORT rules and did not locate an entry for SSH.
Is there something I am missing here. I use Fail2ban on my server to ban the ips so i am not real familiar with how Endian performs the same service.
Thanks
Sarc.
Forgot to add, I am running Endian version 2.1.1 with only red and green networks.
Logged
NinNin
Full Member
Offline
Posts: 24
Re: SSH attacks not being blocked.
«
Reply #1 on:
Monday 01 December 2008, 04:01:01 pm »
Same as my experience, so I solved by myself
1. Do not open port ssh at Router and another port also.
2. If you need to remote maintenance, Try to create OpenVPN connection with your account instead.
3. Remember to create a difficult password.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com