Ssh bruteforce atack inside my network.

suporteitanet · Thu May 29, 2014 10:26 pm

One of my routerboards (the gateway of my network) are trying to access the others network ips via ssh and telnet. The log them is showing several trials and logins errors like brute force. A virus maybe?

Thanks in advance and sorry for bad english.

Fri May 30, 2014 10:19 am

can you show the logfile please?

DHCP-alert for detect roque DHCP-servers?

Fri May 30, 2014 2:20 pm

Are you sure that router is the originator of the attack? Or some computer behind it?

suporteitanet · Fri May 30, 2014 2:46 pm

Are you sure that router is the originator of the attack? Or some computer behind it?

The router isnt the originator of the attack,.I'm sure about this, however the ip (public ip) is a source of attack.

suporteitanet · Fri May 30, 2014 2:48 pm

can you show the logfile please?

DHCP-alert for detect roque DHCP-servers?

Fri May 30, 2014 2:59 pm

add a new firewall rule

Like this on the printscreens a made.

You can read the ip-address in "address lists" who try login and block these for 10 days

The first picture is the result, you can read the IP-address from the attacker

suporteitanet · Fri May 30, 2014 3:05 pm

add a new firewall rule

Like this on the printscreens a made.

You can read the ip-address in "address lists" who try login and block these for 10 days

Ty for help me .The last ask , its possible someone use the same ip (public ip) of my routerboard and this is dangerous?

Fri May 30, 2014 3:14 pm

You can configure a rogue DHCP-server alarm on your DHCP-server

Tis for see if somebody else turn a DHCP-server on your network.
See on my website how to do this
http://www.wirelessinfo.be/index.php/mi ... hcp-alerte

IF you have set the roque DHCP-server alarm a email will sent to you.

In firewall address list you see the IP-address that try login.

It's danger because he can take over your network.

This can you help you too.
http://www.wirelessinfo.be/index.php/mi ... s/services

Sorry this webpages is in dutch but follow the printscreens a made.

By carefull that you put in the IP-address from your PC
Only you can than login into your routerboard

suporteitanet · Fri May 30, 2014 3:22 pm

You can configure a rogue DHCP-server alarm on your DHCP-server

Tis for see if somebody else turn a DHCP-server on your network.
See on my website how to do this
http://www.wirelessinfo.be/index.php/mi ... hcp-alerte

IF you have set the roque DHCP-server alarm a email will sent to you.

In firewall address list you see the IP-address that try login.

It's danger because he can take over your network.

This can you help you too.
http://www.wirelessinfo.be/index.php/mi ... s/services

Sorry this webpages is in dutch but follow the printscreens a made.

By carefull that you put in the IP-address from your PC
Only you can than login into your routerboard

Fri May 30, 2014 3:32 pm

I have set a printscreen by the other two by firewall rule
This is the result that you can see.
Thanks for add the karma a appreciate that.

Ssh bruteforce atack inside my network.

Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.

Re: Ssh bruteforce atack inside my network.