Question

Brute Force Attack (SSH)

  • 10 November 2020
  • 3 replies
  • 31 views

I have a blackdiamong 8806 and I am having brute force attacks (ssh), someone has an idea on how I can protect the equipment since in the knowledge base I only found related information for EOS but not for XOS.

Hopefully they can help me.


3 replies

Userlevel 6
Badge

Hello,

you can for example limit the ssh access to some ip’s like descripted here:

 

https://gtacknowledge.extremenetworks.com/articles/How_To/Create-an-ACL-on-an-XOS-switch-for-SSH2-service-access

Userlevel 6

Hello!

 

Also take in mind that if it would be just simple brute force with a small number of requests for connection via ssh - it’s good to have “configure ssh2 access-profile ...”.

But if it would be a lot of requests for connection and it can be like DDoS, it’s better to create ACL (accept ssh from specific IP and deny from all other) and map it on ingress to ports or vlans.

Because access policy “configure ssh2 access-profile” is proceed by CPU but in case of ACL mapped to port (or vlan) packets don’t reach the CPU, so in this case mgmt plane load will be reduced.

 

Thank you!

Userlevel 4

Is the Switch accessible via the Internet? If not the above measures are good against the symptoms, but not against the cause.

Reply