I have a blackdiamong 8806 and I am having brute force attacks (ssh), someone has an idea on how I can protect the equipment since in the knowledge base I only found related information for EOS but not for XOS.
Hopefully they can help me.
you can for example limit the ssh access to some ip’s like descripted here:
Also take in mind that if it would be just simple brute force with a small number of requests for connection via ssh - it’s good to have “configure ssh2 access-profile ...”.
But if it would be a lot of requests for connection and it can be like DDoS, it’s better to create ACL (accept ssh from specific IP and deny from all other) and map it on ingress to ports or vlans.
Because access policy “configure ssh2 access-profile” is proceed by CPU but in case of ACL mapped to port (or vlan) packets don’t reach the CPU, so in this case mgmt plane load will be reduced.
Is the Switch accessible via the Internet? If not the above measures are good against the symptoms, but not against the cause.
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.