
Device doing brute force SSH attacks. Format the device or do a deeper dive into the root cause?

I found out our IP was banned and after looking at the logs in FortiGate I saw a Raspberry Pi doing SSH attacks per below. I unplugged it from the network as I could not even log into it. Seems the virus was clever enough to change the password. Any point to doing a deeper dive into how this happened or finding out what IP the virus was trying to communicate with? If not, I will reinstall the OS on that device and start from scratch.


Screenshot 2023-02-09 125216.png


The question you are asking isn't really a Fortinet-specific question. It's a general cybersecurity question and no one here can really answer it for you. It depends on you and your environment and whether you need to know those details or not and what kind of risk appetite you have for something like that (or worse) happening again.


For example, if you just wipe the device and re-install, whatever attack vector existed before likely still exists.


Up to you really how you want to approach this, though.

