Results 1 to 2 of 2
  1. #1
    Newbie
    Join Date
    Feb 2017
    Posts
    1

    Default How to block SSH login attempts

    Hello all,

    I have a network:
    Router --(one cable)-- Untangle Transparant Bridge --(one cable)-- Switch --(many cables)-- WAP/Computers/NAS via Cable

    On the router, I have port 22 forwarded to an internal IP address.

    Of course, all kinds of hackers are trying to login at port 22 at that device, a Synology NAS in this case. On the NAS I have auto-block on of course.
    But also IPS from Untangle is detecting these passwords guessers and it shows up in the IPS logs as 'client created many SSH sessions' with random internet IP addresses as the source and the internal IP of my NAS as destinations.
    So far, so good!
    But, I'd like Untangle to automatically block these IPs after it detects 'many ssh sessions created'. So I went into the IPS rules and looked for any rule with 'ssh' or 'many sessions' in it's name wanting to set that rule to 'block'. But I can't seem to find which rule is causing the alert and hence would need to be changed to 'block' instead of 'log'.

    How can I find this rule?

    Thanks!

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    15,666

    Default

    The alert rules are in apps > reports > alert rules currently.

    (That alert has nothing to do with Intrusion Prevention)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2