SSH password guessing attacks
SSH password guessing attackers seem more frequent. This may be a result of improved detection and alerting in v1.60. On my router I have all Internet incoming ports blocked. UPNP turned off and I am still getting alarms indicating a password guessing attack directed at a specific internal device. I have created specific rules to block the origin countries. This has lead to the following feature suggestions:
- allow multiple countries to be selected as a block/allow target
- Provide an option that enables automatic blocking of the source IP when SSH password guessing is detected. Blocking time should be user selectable: 1H, 6H, 12H, 24H, Forever. The forever option probably means add the IP to a blocking Rule that is generated by the Firewalla, then updated with each detection.
-
If you are getting SSH password-guessing attacks on a device, and you didn't configure that device to accept SSH, then you have a bigger problem. I'd suggest first checking and making sure not all of your ports are forwarded, and also, you have the "block traffic from the internet" rule there to protect your network.
As for the suggestion of blocking SSH password guessing, it is easy; since this usually doesn't happen (most people don't expose SSH), having an auto block does not make sense, since the password guessing can come from so many different places.
-
I "manage" 4 Firewalla Gold devices at different locations. The latest one deployed had a few SSH password guessing attempts recently.
Based on above comment... I checked if "Block traffic from the internet" rule was there... which I assumed would be by default.
It wasn't 😵
So I added it... Lets see... -
Yes... Then found that Port TCP 22 was open.
Tried some random things...
Went into SSH Console setting... Tap to Start... disabled for WAN and local network.
Restarted the Firewalla... Did a Scan again and no ports were open.
Lets see if this will prevent those random attempts... Maybe not related to it at all.
🤞🤞
Please sign in to leave a comment.
Comments
7 comments