Community discussions

MUM Europe 2020
 
sdrenner
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Wed Mar 02, 2005 10:03 pm
Contact:

ssh

Fri Mar 03, 2006 11:34 pm

How can I stop all of these: login failure for user xxx from xxx.xxx.xxx.xxx via ssh
and
via ftp
 
User avatar
jager
Trainer
Trainer
Posts: 296
Joined: Mon Oct 31, 2005 2:44 am
Location: Sierra Leone
Contact:

Fri Mar 03, 2006 11:45 pm

Very simple.
In IP > Firewall set up a new rule (input chain) that will accept traffic on port 22 (ssh) for your IP`s from which you want to connect to the router by ssh, and drop the rest of the traffic on this port. Do the same for port 21 (ftp).
Or, if you have only one network from which you want to access to your router, you can set this up in IP > Services.
If you do not want to use ssh or ftp at all, disable those services at the same place.
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Fri Mar 03, 2006 11:51 pm

 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Sat Mar 04, 2006 9:51 am

how about simply entering an IP-address-range into /ip service ssh?

(but ususally it's coming from internet, plus i don't like changing WKS-ports. has anyone written a rule to make a temporary blocking address-list for this kind of attack and likes to share it? tia.)

Who is online

Users browsing this forum: PROXCON and 96 guests