reply to battleop
Re: Who keeps their router's SSH port open?
The attacks seem to be done and over with from what I can see in the NAT stats and the ACL lists. I set up this 1841 last week for the first time ever. I created the ACL keeping in mind that if I opened 22 over the WAN that it would equate to hanging meat for the piranhas, but I forgot to apply it to the VTY lines.
What I should do is log any attempts that match the ACL rules applied to the VTY lines just to see what's going on.
So far from what I can see, it's been relatively quiet.
Extended IP access list 100
    10 deny ip 10.17.12.0 0.0.0.255 10.18.12.24 0.0.0.7 (4272 matches)
    20 permit ip 10.17.12.0 0.0.0.255 any (38774 matches)
Extended IP access list 101 ---- This is the one applied to VTY lines ----
    10 permit tcp host xxx any eq 22 (8 matches) ---- This is for my access from work ----
    20 permit tcp 10.17.12.0 0.0.0.255 any eq 22 (4 matches)
    30 deny ip any any (39 matches)
Extended IP access list 110
    5 permit tcp 10.17.12.0 0.0.0.255 10.18.12.24 0.0.0.7
    10 permit ip 10.17.12.0 0.0.0.255 10.18.12.24 0.0.0.7
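
Added example, not part of the original post: one way to review the VTY logging the post proposes, by tallying denied sources from the router's syslog. It assumes entry 30 of list 101 has been given the `log` keyword (`deny ip any any log`) and that messages go to a syslog file; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Form IOS uses for a TCP/UDP hit on an ACL entry that carries `log`.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation addresses), not taken from the post.
SAMPLE_LOG = """\
Mar  1 02:14:07: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.45(51822) -> 198.51.100.2(22), 1 packet
Mar  1 02:14:09: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.45(51830) -> 198.51.100.2(22), 1 packet
Mar  1 02:19:12: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.45(51822) -> 198.51.100.2(22), 14 packets
Mar  1 03:02:51: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.77(40110) -> 198.51.100.2(22), 1 packet
Mar  1 03:05:00: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.17.12.50(49200) -> 10.17.12.1(22), 1 packet
Mar  1 03:06:10: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.17.12.9(1030) -> 10.18.12.25(445), 3 packets
Mar  1 03:07:00: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""


def denied_by_source(log_text, acl="101"):
    """Return [(source_ip, packets)] denied by `acl`, busiest source first.

    IOS reports later hits on the same flow as periodic summaries, so the
    packet counts are summed rather than counting log lines.
    """
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m["acl"] == acl and m["action"] == "denied":
            totals[m["src"]] += int(m["count"])
    return totals.most_common()


def repeat_sources(log_text, acl="101", min_packets=5):
    """Sources whose denied packet total reaches min_packets (assumed threshold)."""
    return [src for src, n in denied_by_source(log_text, acl) if n >= min_packets]


if __name__ == "__main__":
    for src, packets in denied_by_source(SAMPLE_LOG):
        print(f"{src:15} {packets} denied packets on the VTY ACL")
    print("repeat sources:", repeat_sources(SAMPLE_LOG))
```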