Hello, I was alerted tonight, thankfully, that SSH was being fussed on my Firewalla from an identified IP in China mainland. However, I had set a rule to block China mainland, so how was this bypassed? I had checked the rule, verified the IP, and captured the MAC it was presenting (I imagine spoofed of some sort due to its vastly misidentifying characteristics) and blocked it on my edge firewall, but it is concerning that it somehow got the ability to guess SSH. I run Nessus and other things internally, but it comes from the inside when searching. I run a Palo Alto firewall on the edge and was testing this firewall for its capabilities. There are things I have noticed that could use a little TLC as far as security goes (obviously without the need for enterprise level as I do), but I was wondering if I could have some help understanding why this failed to protect as it should have.