topic Brute Force Attack (SSH) in ExtremeSwitching (EXOS/Switch Engine)

Brute Force Attack (SSH)

jflores — Tue, 10 Nov 2020 13:08:17 GMT

I have a blackdiamong 8806 and I am having brute force attacks (ssh), someone has an idea on how I can protect the equipment since in the knowledge base I only found related information for EOS but not for XOS.

Hopefully they can help me.

Re: Brute Force Attack (SSH)

StephanH — Tue, 10 Nov 2020 13:50:16 GMT

Hello,

you can for example limit the ssh access to some ip’s like descripted here:

https://gtacknowledge.extremenetworks.com/articles/How_To/Create-an-ACL-on-an-XOS-switch-for-SSH2-service-access

Re: Brute Force Attack (SSH)

Alexandr_P — Tue, 10 Nov 2020 14:46:00 GMT

Hello!

Also take in mind that if it would be just simple brute force with a small number of requests for connection via ssh - it’s good to have “configure ssh2 access-profile ...”.

But if it would be a lot of requests for connection and it can be like DDoS, it’s better to create ACL (accept ssh from specific IP and deny from all other) and map it on ingress to ports or vlans.

Because access policy “configure ssh2 access-profile” is proceed by CPU but in case of ACL mapped to port (or vlan) packets don’t reach the CPU, so in this case mgmt plane load will be reduced.

Thank you!

Re: Brute Force Attack (SSH)

Stefan_K_ — Tue, 10 Nov 2020 17:19:22 GMT

Is the Switch accessible via the Internet? If not the above measures are good against the symptoms, but not against the cause.