Why do I get Fail login attempt to Device from SSH from 61.177.173.48?
Accepted Solution
-
mMontana said: Security policy rules are processed in order. If an upper order rule hits a match, following rules are not processed.
Also, if the rule is not written correctly, the output might not reflect your desires.
My geo fences are the #1 and #2 rules. However, I'm embarrassed to report that I just found out that the GEO block "to Zywall" was set to allow... So, my fault.
All Replies
-
DB version 20221018. I looked for the address you reported, and had the same output.
For services like SSH, the admin interface and L2TP I suggest using the whitelist approach (only selected addresses/nations can access) instead of the blacklist approach (all the world is allowed except the selected nations).
It's way more focused and less prone to problems.
-
So, are you saying Zyxel doesn't have 61.177.173.48 in the China DB? Where in the menu can I lock down login? Frankly, I can lock it down to local network access only for SSH and WEB.
-
I am more and more baffled by this. I am getting failed SSH logins from Iran 34.100.181.71 (which is part of Asia). I blocked all Asia. Why does the security policy not trump SSH logins?
-
Security policy rules are processed in order. If an upper order rule hits a match, following rules are not processed.
Also, if the rule is not written correctly, the output might not reflect your desires.
-
mMontana said: Security policy rules are processed in order. If an upper order rule hits a match, following rules are not processed.
Also, if the rule is not written correctly, the output might not reflect your desires.
My geo fences are the #1 and #2 rules. However, I'm embarrassed to report that I just found out that the GEO block "to Zywall" was set to allow... So, my fault.
-
No embarrassment, IMVHO. We all make mistakes, so checking logs and verifying settings is a healthy way to find issues and solve them. Having a device compromised is way, way worse.
-
The reason for me looking was slow web surfing. Speedtest was OK. After fixing the geo fence, web surfing speed is back to normal. Looks like my IP came into the crosshairs... I have a couple of questions:
1.) Any harm to disable SSH?
2.) What exactly is "authentication server" under system?
3.) Can I lock login to local network only? How?
-
1: Any good enabling remote access for SSH?
2: Time to read the manual.
3: Yes, you can. Again, read the manual.
IMVHO remote access to the firewall is a useful yet critical tool that needs to be carefully assessed before allowing it.
-
tesagig said: mMontana said: Security policy rules are processed in order. If an upper order rule hits a match, following rules are not processed.
Also, if the rule is not written correctly, the output might not reflect your desires.
My geo fences are the #1 and #2 rules. However, I'm embarrassed to report that I just found out that the GEO block "to Zywall" was set to allow... So, my fault.
Hello @tesagig
It seems this discussion is extended by this discussion: https://community.zyxel.com/en/discussion/14725/question-about-a-security-log-entry#latest
We are glad to hear that you resolved this problem by yourself! Thanks.
-
tesagig said: The reason for me looking was slow web surfing. Speedtest was OK. After fixing the geo fence, web surfing speed is back to normal. Looks like my IP came into the crosshairs... I have a couple of questions:
1.) Any harm to disable SSH?
2.) What exactly is "authentication server" under system?
3.) Can I lock login to local network only? How?
Hi @tesagig
1.) Any harm to disable SSH?
Ans: If disabling remote SSH, it means nobody can access the device by remote SSH.
2.) What exactly is "authentication server" under system?
Ans: Could you specify what is the definition of "authentication server" for us? Do you have any specific purpose for "authentication server"?
3.) Can I lock login to local network only? How?
Ans: You can remove the SSH service from the security policy "WAN_to_Device" and allow any service from the security policies "LAN1_to_Device" and "LAN2_to_Device".
For more useful firewall security protection methods, please refer to this link: https://community.zyxel.com/en/discussion/10920/best-practices-to-secure-a-distributed-network-infrastructure
Thanks.
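The first-match behaviour described in the replies above, the geo rule left on "allow", and the whitelist-versus-blacklist suggestion can be checked with a small model. This is an added example, not part of the original thread and not Zyxel's implementation; the rule name `Geo_block`, the address ranges (documentation and private ranges) and the helper functions are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

net = ipaddress.ip_network
ANY = [net("0.0.0.0/0")]
GEO = [net("203.0.113.0/24")]   # constructed stand-in for a blocked-region object
LAN = [net("192.168.1.0/24")]   # constructed LAN1 subnet

@dataclass
class Rule:
    name: str
    sources: list   # ip_network objects
    service: str    # "ssh" or "any"
    action: str     # "allow" or "deny"

    def matches(self, src, service):
        ip = ipaddress.ip_address(src)
        return self.service in ("any", service) and any(ip in n for n in self.sources)

def evaluate(rules, src, service):
    """First match wins; later rules are never consulted. Default is deny."""
    for rule in rules:
        if rule.matches(src, service):
            return rule.action, rule.name
    return "deny", "default"

def shadowed(rules):
    """Rules that can never fire because one earlier rule fully covers them."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same_svc = earlier.service in ("any", later.service)
            covered = all(any(n.subnet_of(e) for e in earlier.sources)
                          for n in later.sources)
            if same_svc and covered:
                hidden.append(later.name)
                break
    return hidden

# Geo rule is first, but its action was left on "allow" (the slip in the thread).
wrong_action = [Rule("Geo_block", GEO, "any", "allow"), Rule("WAN_to_Device", ANY, "ssh", "allow")]
# Blacklist approach with the action corrected.
blacklist = [Rule("Geo_block", GEO, "any", "deny"), Rule("WAN_to_Device", ANY, "ssh", "allow")]
# Geo deny placed below a broad allow: it is never reached.
wrong_order = [Rule("WAN_to_Device", ANY, "ssh", "allow"), Rule("Geo_block", GEO, "ssh", "deny")]
# Whitelist approach: only LAN1 reaches the device, everything else hits default deny.
whitelist = [Rule("LAN1_to_Device", LAN, "any", "allow")]
```

With the blacklist policy, a source that is missing from the geo object (198.51.100.7 here) still reaches SSH through `WAN_to_Device`, while the whitelist policy drops it at the default deny.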