Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

prevent brute force attack

Hi. We have a fortigate 80CM and I' m observing several admin login attemps in the ssh (brute force attacks I suppose?). For example on monday I received about 30 msg: " Administrator root login failed from ssh(xxx.xxx.xxx.xxx) because of invalid user name" . After 2 or 3 messages, invariably receive the msg: " " Login disabled from IP xxx for 60 seconds because of too many bad attempts" , which I think is fine, but is there another thing I can do? I should only wait and see this messages? how should I proceed with a more proactive focus? thanks for your answers. Robert
4 REPLIES 4
rwpatterson
Valued Contributor III

You could change (make longer) the lockout time to ward off the less patient...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Jan_Scholten
Contributor

ssh bruteforce is pretty common and done by countless Zombienodes. what helps more or less everytime at least on my Linux servers: change the ssh port from the default 22 to something else e.g. 2222. i think it' s " set admin-ssh-port" This will probaly defeat 99.9% of the login attempts, but you have to remember to change your ssh port on putty/securecrt, when you connect. Otherwise: If you have a secure password it' s just the logmessages and nothing to be afraid of..
Not applicable

Thanks both. I' ve changed the ssh port, hope that reduce the attacks.
p768
New Contributor

set the admin accounts to be only allowed from " Trusted Hosts" , then the firewall will not even respond to the initial connection
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors