Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segmentation_fault
New Contributor III

Created on ‎02-09-2023 11:34 AM

Device doing brute force SSH attacks . Format the device or do a deeper dive into the root cause?

I found out our IP was banned and after looking at the logs in FortiGate I saw a raspberry pi doing SSH attacks per below. I unplugged it from the network as I could not even log into it. Seems the virus was clever enough to change the password. Any point to doing a deeper dive into how this happened or find out what IP the virus was trying to communicate with? If not, I will reinstall the OS on that device and start from scratch.

 

Screenshot 2023-02-09 125216.png

Labels:
391
0 Kudos
1 REPLY 1
gfleming
Staff
Staff

Created on ‎02-09-2023 12:39 PM

The question you are asking isn't really a Fortinet-specific question. It's a general cybersecurity question and no one here can really answer it for you. It depends on you and your environment and whether you need to know those details or not and what kind of risk appetite you have for something like that (or worse) happening again.

 

For example, if you just wipe the device and re-install, whatever attack vector existed before likely still exists.

 

Up to you really how you want to approach this, though.

Cheers,
Graham
380
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.