Pace firewall and ssh attacks

[tatere]

I have Fusion DSL service with the Pace 4111N modem. The modem's firewall is enabled. There are a couple of ports opened, forwarding to a NAS, but that's it.

I noticed, though, that I'm seeing a lot of ssh attempts on a Linux box here. I can do the usual stuff on that box to block IPs and such, but what I don't understand is how are they getting in to begin with? Shouldn't the firewall be blocking this?

[radeyes]

Are you sure about this? Are the incoming IP addresses of the SSH attempts external IPs or internal ones?
I would be concerned if I saw this happening. Either you have configured port forwarding for SSH, or perhaps you have your router configured in some nonstandard way (like bridge mode or DMZ mode)

[tatere]

they're external IPs, i do not have anything in DMZ mode, i am not using bridge mode, and yeah i'm a little concerned too. thus the post.

[cduran]

I agree that the Pace firewall should have been blocking those SSH attempts unless:

• The linux box was set as the DMZplus enabled device.
• The linux box was connected to a port configured as a LAN subport.
• The port being used for the SSH attempts was set to forward to the linux box.
• The Pace was configured in bridge mode

It doesn't look like your Pace is still running the config mentioned in the original post. Feel free to PM me if you have some time and would like to investigate further.