6 ;;; auto-firewall ssh - stage 1
7 ;;; auto-firewall ssh - stage 2
8 ;;; auto-firewall ssh - stage 3
9 ;;; auto-firewall ssh - stage 4
11 ;;; drop ssh brute forcers
I have these rules in firewall filter, to prevent ssh attacking, but not work well, Could you help or give better idea to prevent ssh attacks?
or you can write what working for you
savage
August 13, 2007, 5:05pm
3
Run SSH on a non standard port? /ip service…
Create input rules in your firewall, and do not allow everyone to connect to your router via SSH? I always find it mind bothering that everyone complains because the whole world comes down brute forcing passwords via SSH, but no attempt is made to secure SSH in the first place… -sigh-
[R-C@MikroTik] ip service> print
0 telnet 23 0.0.0.0/0
You mean this? I changed the ssh port(original 22) to 21(ftp port). Can it be?
savage
August 13, 2007, 6:11pm
5
Yup…
However, that should be seen as a invalid configuration IMHO… Can’t have SSH and FTP listening on port 21…
jp1
August 13, 2007, 6:28pm
6
This is what I use - blocks ssh/telnet/ftp from outside our network (networks other than the two in the example:
/ ip firewall filter
add chain=input src-address=10.0.0.0/8 protocol=tcp dst-port=21-23 \
action=accept comment="" disabled=no
add chain=input src-address=69.39.96.0/20 protocol=tcp dst-port=21-23 \
action=accept comment="" disabled=no
add chain=input src-address=0.0.0.0/0 protocol=tcp dst-port=21-23 \
action=reject reject-with=icmp-network-unreachable comment=""
One must VPN into the network in order to use ssh/ftp/telnet to our MTs.