How concerned should I be on SSH attacks on port 22 on my outside interface which currently has the implicit ACL rule to deny any traffic from the outside interface to the outside interface?
I have noticed that this attack seems to start at 4 am in the morning local time and runs until about 8 am which is the typical start of the business day, so apparently the people trying to do the brute force login attempts know the local time, although I have seen some attempts during business hours, such as 10:30 am this morning.
I have one implicit rule, are there better access rules to install and use to deny these attempts?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...