Anyone else seeing log messages of late where SSH attempts are being received on NON ssh ports somehow? Only a full port block to the router's interfaces are effective:
rtredge-: Failed password for [some name]from [multiple IP addresses] port [above 10000] ssh2
Is there a new vulnerability for SSH for MX80s? Running 17.3 r3.10, using grp-apply firewall filters.
That’s the source port, not destination. You probably need to look at your ssh filter again.
The massive failed SSH Login attempts looks like unauthorized attempts to gain SSH access to device.
Please mark "Accepted Solution" if this helps you solve your query. Kudos are always appreciated.
On ACX/MX/EX PPC based Series platforms, the commit error might occur and the firewall filters might not be applied to the interfaces when the firewall policer action is set with "forwarding-class".
This issue might be seen if the following conditions are met:* On ACX/MX/EX PPC based Series platforms* Configuring firewall policer action with "forwarding-class"
The issue is Resolved-Injunos:17.3R3-S7 junos:17.4R3 junos:18.1R3-S8 junos:18.2R3-S2 junos:18.3R3 junos:18.4R2-S2 junos:18.4R3 junos:19.1R2 junos:19.2R2 junos:19.3R1 junos:19.3R2 junos:19.4R1 junos:20.1R1
Please let me know if you have other concerns