Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1290
Views
0
Helpful
1
Replies

IOS SSH server hardening

vlatkorun
Level 1
Level 1

‎03-18-2009 01:53 AM - edited ‎03-09-2019 10:08 PM

What aditional can be done to protect the router from bruteforce attacks, trying to guess the username/password combination.Last two days in the log files, I noticed several consecutive login attempts on port 22 in 15 seconds from various IP addresses.After some research on the Internet I realized that the Ip addresses belong to well know botnets.Using Cisco 1812 router with IOS 12.4(6)T.

Here is some of the router configuration relevant to my question:

aaa new-model

aaa authentication login lineauth local

username ***** password *****

login block-for 60 attempts 4 within 15

login on-failure

ip ssh version 2

Labels:
0 Helpful
1 Reply 1

Jesse Wiener
Level 4
Level 4

‎03-18-2009 08:34 AM

you can also put a delay into the login sequence "login delay 5" this will slow the login attempts as well (might not be applicable to you if they are every 15 sec). You can put an access-list on your VTY lines only allowing certain hosts to ssh in. http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cntrl_acc_vtl.html#wp1049991

You can use a rotary to change the ssh port on the vty lines to something less common.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftrevssh.html#wp1017378

You can add an acl to the outside of your router blocking that address after you see it.

you can be proactive and block some bad addresses ahead of time.

A few lists are:

http://www.spamhaus.org/drop/

http://feeds.dshield.org/block.txt

Hope some of this helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents