Contributor
March 30, 2010
Question

prevent brute force attack

Hi. We have a FortiGate 80CM and I'm observing several admin login attempts on SSH (brute force attacks, I suppose?). For example, on Monday I received about 30 msg: "Administrator root login failed from ssh(xxx.xxx.xxx.xxx) because of invalid user name". After 2 or 3 messages, I invariably receive the msg: "Login disabled from IP xxx for 60 seconds because of too many bad attempts", which I think is fine, but is there another thing I can do? Should I only wait and see these messages? How should I proceed with a more proactive focus? Thanks for your answers. Robert

    4 replies

    rwpatterson
    New Member
    March 30, 2010
    You could change (make longer) the lockout time to ward off the less patient...
    Jan_Scholten
    New Member
    March 30, 2010
    SSH brute force is pretty common and done by countless zombie nodes. What helps more or less every time, at least on my Linux servers: change the SSH port from the default 22 to something else, e.g. 2222. I think it's "set admin-ssh-port". This will probably defeat 99.9% of the login attempts, but you have to remember to change your SSH port in PuTTY/SecureCRT when you connect. Otherwise: if you have a secure password, it's just the log messages and nothing to be afraid of.
    Contributor
    March 30, 2010
    Thanks both. I've changed the SSH port, hope that reduces the attacks.
    p768
    New Member
    March 31, 2010
    Set the admin accounts to be only allowed from "Trusted Hosts", then the firewall will not even respond to the initial connection.
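
As an added example (not part of any post in this thread, and not Fortinet code): a small Python script that tallies the two messages quoted in the question per source address, showing which sources return after the 60-second lockout. The sample lines are constructed, the function names are hypothetical, and real FortiGate log lines may wrap these messages in additional fields.

```python
import re
from collections import defaultdict

# Patterns follow the two messages quoted in the question. search() is used
# because real log lines may carry other fields around the message text.
FAILED = re.compile(r"Administrator (\S+) login failed from ssh\(([^)]+)\)")
LOCKED = re.compile(r"Login disabled from IP (\S+) for (\d+) seconds")

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    "Administrator root login failed from ssh(192.0.2.10) because of invalid user name",
    "Administrator test login failed from ssh(192.0.2.10) because of invalid user name",
    "Administrator oracle login failed from ssh(192.0.2.10) because of invalid user name",
    "Login disabled from IP 192.0.2.10 for 60 seconds because of too many bad attempts",
    "Administrator root login failed from ssh(198.51.100.7) because of invalid user name",
    "Administrator root login failed from ssh(192.0.2.10) because of invalid user name",
    "Administrator guest login failed from ssh(192.0.2.10) because of invalid user name",
    "Login disabled from IP 192.0.2.10 for 60 seconds because of too many bad attempts",
    "unrelated line that matches neither pattern",
]

def summarize(lines):
    """Return {source_ip: {"failed": n, "users": set, "lockouts": n}}."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "lockouts": 0})
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["failed"] += 1
            stats[ip]["users"].add(user)
            continue
        m = LOCKED.search(line)
        if m:
            stats[m.group(1)]["lockouts"] += 1
    return dict(stats)

def repeat_offenders(stats, min_lockouts=2):
    """Sources locked out at least min_lockouts times, busiest first."""
    hits = [ip for ip, s in stats.items() if s["lockouts"] >= min_lockouts]
    return sorted(hits, key=lambda ip: (-stats[ip]["failed"], ip))

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip in repeat_offenders(stats):
        s = stats[ip]
        print(f"{ip}: {s['failed']} failures, {s['lockouts']} lockouts, "
              f"users tried: {sorted(s['users'])}")
```

Sources that appear in this list are the ones a longer lockout time or a Trusted Hosts restriction, as suggested in the replies, would affect most.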