Cisco Support Community

question about brute force attacks

How does IronPort deal with brute force attacks on SSH and HTTPS?
Is there some kind of control?

If someone leaves IronPort's 22 and 443 ports "open" to the internet, it would be a problem if IronPort does not control the number of invalid login attempts...

  • Email Security
12 REPLIES

Re: question about brute force attacks

No one knows? Or do you just not think that it's a point?

New Member

Re: question about brute force attacks


If someone leaves IronPort's 22 and 443 ports "open" to the internet, it would be a problem if IronPort does not control the number of invalid login attempts...


IMHO, it is better if IronPort could have this feature, iptables-like or firewall-like, that secures port 22 or port 443.

Somehow, if our dedicated firewall is broken, our router ACL is broken, then the firewall on the appliances is a must-have :)

New Member

Re: question about brute force attacks

IMHO, it is better if IronPort could have this feature, iptables-like or firewall-like, that secures port 22 or port 443.

AsyncOS is just FreeBSD under the hood, and FreeBSD has ipfw. So the foundation is there (assuming they haven't modified the FreeBSD kernel they use to remove it), they just need to expose an interface to it.

Re: question about brute force attacks

Ok. Here is the deal: somehow internet crawlers are indexing many IronPorts with HTTPS wide open to the net... Actually I've seen some guy at defcon14 talking about how to use Google to find targets without being flagged, and I was wondering if I could do this to find IronPorts... Bingo.

So, I think we need to spend some time discussing this issue, that is not a huge issue, but I keep saying, someone might have had trouble with this, especially when they don't update AsyncOS (in fact, this is the case!)


I would recommend reading about the Robots Exclusion Protocol

this probably contains our solution...

New Member

Re: question about brute force attacks

I would recommend reading about the Robots Exclusion Protocol

this probably contains our solution...

The REP is great for crawlers which obey it, and would certainly limit the black hats' ability to find IronPort MGAs via Google. But it wouldn't stop a black hat crawler. You need a firewall of some sort for that, which gets us back to the beginning of this thread.

Re: question about brute force attacks

Uhm, I think it would be against IronPort Systems' main purpose, that is to keep the appliances doing only their job. If you give a firewall, ppl will be able to use IronPort for other tasks beyond the MT task, and I think it's not wise...

But just in case, do you guys really think ironportnation's forums have enough spot for this kind of discussion? hehe

New Member

Re: question about brute force attacks

Uhm, I think it would be against IronPort Systems' main purpose, that is to keep the appliances doing only their job. If you give a firewall, ppl will be able to use IronPort for other tasks beyond the MT task, and I think it's not wise...

I'm not talking about using it as a firewall to protect other systems. I'm talking about it having a built-in software firewall for protecting itself.

But just in case, do you guys really think ironportnation's forums have enough spot for this kind of discussion?

You're the one who started this thread. If you don't think this is an appropriate place for it then why did you start it?

Re: question about brute force attacks

Uhm, I think it would be against IronPort Systems' main purpose, that is to keep the appliances doing only their job. If you give a firewall, ppl will be able to use IronPort for other tasks beyond the MT task, and I think it's not wise...

I'm not talking about using it as a firewall to protect other systems. I'm talking about it having a built-in software firewall for protecting itself.


Ok, I understand what you say, but I cannot see the major usefulness of the built-in fw. If you really want your system to be safe, just don't run the stuff. Keep ssh and https disabled on the public interface.

In the beginning, I was concerned about ppl that leave the ssh and https ports open to the net. And when I say open, I really mean without fw.

I think we are missing the spot.


But just in case, do you guys really think ironportnation's forums have enough spot for this kind of discussion?

You're the one who started this thread. If you don't think this is an appropriate place for it then why did you start it?


Ok, what I'm trying to say is that, in my (silly) opinion, ironportnation's forums should be more visited, more commented. I don't see the IronPort's legion here. Many ppl just sign in and almost never log in.

But who cares about my opinion? So let's not discuss it, let's forget it.

I keep thinking that 'Robot Exclusion Protocol' should be considered.
If you don't agree, check it out

another tip, the crawler is indexing the 'login help' page.

New Member

Re: question about brute force attacks

If you really want your system to be safe, just don't run the stuff. Keep ssh and https disabled on the public interface.

It's not always that easy. In our setup, for example, if ssh and https were not enabled on the public interfaces then I couldn't manage the units at all.

I use the FreeBSD ipfw to great effect on other systems. It has absolutely eliminated the routine ssh "door knob rattling" that we used to see in our logs.
