Anyone else seeing log messages of late where SSH attempts are being received on NON ssh ports somehow? Only a full port block to the router's interfaces is effective:
rtredge-[98208]: Failed password for [some name] from [multiple IP addresses] port [above 10000] ssh2
Is there a new vulnerability for SSH for MX80s?
SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective
Hi akushner, after I used your command, the result surprised me: there are many, many connections to port 830 on this router from outside sources and to many gateway IPs of the VLANs set up in this system. Then I blocked port 830 from outside, which immediately reduced the CPU usage to be...
If netconf is enabled in the system, it will use port 830 (by default), and will also be displayed as ssh in processes -- Anatoliy --
I also cannot totally block the SSH login attempt in my route
From KB19710: "While you can configure static and dynamic routing protocols that will use this interface based on the interface configuration and route lookups, any configuration that is not part of out-of-band management (Telnet/SSH for configuration, FTP to/from the router, SNMP/CFLOWD/monitoring devices, etc) is NOT supported by Juniper and should not be used."