SSH password guessing attacks

Comments

7 comments

  • Avatar
    Firewalla

    If you are getting SSH password-guessing attacks on a device, and you didn't configure that device to accept SSH, then you have a bigger problem. I'd suggest first checking and making sure not all of your ports are forwarded, and also, you have the "block traffic from the internet" rule there to protect your network.

    As for the suggestion of blocking SSH password guessing, it is easy; since this usually doesn't happen (most people don't expose SSH), having an auto block does not make sense, since the password guessing can come from so many different places. 

    0
    Comment actions Permalink
  • Avatar
    Michael

    Thanks for the response I do have a “block all traffic from the Internet” rule enabled without any other port forwarding. I’m reviewing my configuration.

    There is utility in allowing rules to be set for more than one country. This may be a limitation of the beta functionality.

    0
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    We use port forwarding so 22 is never exposed and we only use keys.

    We see the same attack attempts as your are.

    0
    Comment actions Permalink
  • Avatar
    GamerZer0

    I "manage" 4 Firewalla Gold devices at different locations. The latest one deployed had a few SSH password guessing attempts recently.

    Based on above comment... I checked if "Block traffic from the internet" rule was there... which I assumed would be by default.

    It wasn't 😵

    So I added it... Lets see...

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Was your firewalla in bridge mode and you migrate to router mode? 

    0
    Comment actions Permalink
  • Avatar
    GamerZer0

    Yes... Then found that Port TCP 22 was open.

    Tried some random things...

    Went into SSH Console setting... Tap to Start... disabled for WAN and local network.

    Restarted the Firewalla... Did a Scan again and no ports were open.

    Lets see if this will prevent those random attempts... Maybe not related to it at all.

    🤞🤞

    0
    Comment actions Permalink
  • Avatar
    GamerZer0

    My bad... although I am sure I set the Mode to Router... I just noticed that the setting was DHCP Mode 🙃

    Set it to Router Mode now.

    0
    Comment actions Permalink

Please sign in to leave a comment.