02-27-2023 11:36 AM - edited 02-27-2023 11:38 AM
I have what I thought was going to be a relatively easy task. Our syslog server logs more than 20,000 login attempts in 48 hours to log in using a variety of root, admin, administrator and random email accounts. While all have been prevented, it may only be a matter of time before they are successful.
The network has an edge router C892FSP-K9 with several port forwarding statements for mail and a few other network services needed outside the office.
I moved ahead, taking the logs and converting high-occurrence attacks into an ACL and placing that on our edge egress interface, a Cisco C892FSP-K9.
What happens is that we get a short-lived benefit and then get hammered again from new IPs.
I am rethinking the ACL solution I am currently using, which uses a single IP address DENY statement, one after the other, in an ACL that is now hundreds of lines in length with, at this time, no apparent end in sight. I am thinking that there must be a better way to implement protection. The site does not want to move to an ASA device, so I will need to implement using the C892FSP-K9.
So I am seeking a different way to implement edge security to stop such attacks and looking for some input on how to proceed.
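The log-to-ACL step described in the post above, as an added example that is not the poster's own script. It assumes OpenSSH-style `Failed password` syslog lines (the page does not show the real format), a hypothetical ACL name, and a constructed sample log; adjacent offender addresses are merged into prefixes so the list is shorter, which does not change the rotating-source problem the post describes.

```python
import ipaddress
import re
from collections import Counter

# Assumed log format: OpenSSH-style failure lines (the page does not show its own).
FAILED = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

# Constructed sample log using documentation address ranges.
_SOURCES = (["203.0.113.4", "203.0.113.5", "203.0.113.6", "203.0.113.7"] * 2
            + ["198.51.100.9"] * 2 + ["192.0.2.77"] + ["999.1.1.1"] * 2)
SAMPLE_LOG = "\n".join(
    f"Feb 27 11:{i:02d}:00 mail sshd[100]: Failed password for root from {ip} port 4022 ssh2"
    for i, ip in enumerate(_SOURCES)
)

def offenders(log_text, threshold):
    """Return sorted source addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.IPv4Address(match.group(1))] += 1
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1: looks like an address but is not one
    return sorted(ip for ip, hits in counts.items() if hits >= threshold)

def build_acl(log_text, threshold=2, name="BLOCK-BRUTEFORCE"):
    """Emit IOS extended ACL lines; `name` is a hypothetical ACL name."""
    hosts = (ipaddress.ip_network(str(ip)) for ip in offenders(log_text, threshold))
    lines = [f"ip access-list extended {name}"]
    # collapse_addresses only merges exactly adjacent blocks, so no address
    # that was not an offender is ever covered by a deny line.
    for net in ipaddress.collapse_addresses(hosts):
        if net.prefixlen == 32:
            lines.append(f" deny ip host {net.network_address} any")
        else:
            lines.append(f" deny ip {net.network_address} {net.hostmask} any")
    lines.append(" permit ip any any")
    return lines

if __name__ == "__main__":
    print("\n".join(build_acl(SAMPLE_LOG)))
```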
02-27-2023 12:41 PM
@Carl Fitzsimmons perhaps consider the TCP intercept feature on IOS routers.
A Zone-Based Firewall (ZBFW) might be better than ACL, but a proper firewall would obviously be better.
03-01-2023 06:30 AM
I will check this out
02-27-2023 02:37 PM
How big is the WAN link?
03-01-2023 06:31 AM
Cable at 400Mb
03-01-2023 02:25 PM
@Carl Fitzsimmons wrote:
Cable at 400Mb
A puny 89x router will not be able to push beyond 50 Mbps with "vanilla" config.
03-01-2023 07:29 AM
I wouldn't chase router security options for this use case. If the business won't sponsor a proper enterprise firewall like a Cisco Secure 1000 series (or Fortinet/Palo Alto etc.) then even pfSense running on Netgate would work ok - and MUCH better than even an expertly tuned router.