
How to suppress fairly frequent 'SSH connection attempt' messages in the log?

I see a couple dozen of these every day.  I have confirmed the addresses are NOT being triggered by country blocking.  Also being tagged as 'SSH connection attempt' seems to imply being handled specially?  An occasional 'WebAdmin connection attempt' as well.  Explicit rules added to silently drop these are ineffectual.  I did read Rule #2 and nothing there seems to apply?



This thread was automatically locked due to age.
  • As the services running in the UTM (sshd, apache) have priority over firewall rules, you cannot drop or reject. Use a DNAT rule instead to redirect the requests to a blackhole route.

    For SSH: I run my ssh service on another (unusual) port. I know this does not prevent "real" hackers, but the millions of script kiddies that run scans without knowing what they do no longer appear in your logfiles, and you can care about the "real" attackers.

     
