This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Brute Force Attack (SSH)

Brute Force Attack (SSH)

jflores
New Contributor

‎11-10-2020 05:08 AM

I have a blackdiamong 8806 and I am having brute force attacks (ssh), someone has an idea on how I can protect the equipment since in the knowledge base I only found related information for EOS but not for XOS.

Hopefully they can help me.

0 Kudos
3 REPLIES 3

Stefan_K_
Valued Contributor

‎11-10-2020 09:19 AM

Is the Switch accessible via the Internet? If not the above measures are good against the symptoms, but not against the cause.

0 Kudos

Alexandr_P
Valued Contributor

‎11-10-2020 06:46 AM

Hello!

 

Also take in mind that if it would be just simple brute force with a small number of requests for connection via ssh - it’s good to have “configure ssh2 access-profile ...”.

But if it would be a lot of requests for connection and it can be like DDoS, it’s better to create ACL (accept ssh from specific IP and deny from all other) and map it on ingress to ports or vlans.

Because access policy “configure ssh2 access-profile” is proceed by CPU but in case of ACL mapped to port (or vlan) packets don’t reach the CPU, so in this case mgmt plane load will be reduced.

 

Thank you!

0 Kudos

StephanH
Valued Contributor III

‎11-10-2020 05:50 AM

Hello,

you can for example limit the ssh access to some ip’s like descripted here:

 

https://gtacknowledge.extremenetworks.com/articles/How_To/Create-an-ACL-on-an-XOS-switch-for-SSH2-se...

Regards Stephan
0 Kudos
GTM-P2G8KFN