Search

1 to 7 of 7
Sort by

Discussion Reply
RE: SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective.

Hi akushner After I use your command the result to me surprise that there are many many connection to 830 port in this router from outside source and to many gateway IPs of the VLans setting up in this system. Then I blocked the 830 port from outside, which immediately reduce the CPU usage to be...


Discussion Reply
RE: SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective.

If netconf enabled in system , it will use port 830 (be default), and also will be displayed as ssh in processes -- Anatoliy --


Discussion Reply
RE: SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective.

I also can not totally block the SSH login attempt in my route


Discussion Post
SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective.

Anyone else seeing log messages of late where SSH attempts are being received on NON ssh ports somehow? Only a full port block to the router's interfaces are effective: rtredge-[98208]: Failed password for [some name]from [multiple IP addresses] port [above 10000] ssh2 Is there a new vulnerability for SSH for MX80s?


Discussion Thread 7
SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective.

Focus Search - SSH arriving on ephemeral ports on MX80, above 10000 -- ssh block filters not effective


Discussion Post
Can I use fxpo interface ?

From KB19710 : "While you can configure static and dynamic routing protocols that will use this interface based on the interface configuration and route lookups, any configuration that is not part of out-of-band management (Telnet/SSH for configuration, FTP to/from the router, SNMP/CFLOWD/monitoring devices, etc) is NOT supported by Juniper and should not be used."


Discussion Thread 2
Can I use fxpo interface ?

Focus Search - From KB19710 : "While you can configure static and dynamic routing protocols that will use this interface based on the interface configuration and route lookups, any configuration that is not part of out-of-band management (Telnet/SSH for configuration, FTP to/from the router, SNMP/CFLOWD/monitoring devices, etc) is NOT supported by Juniper and should not be used."