is there a way to disable ssh/telnet etc on gi/0/0 on a Cisco 2900 series router?
I have a lot of attempted connects like "%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 126.96.36.199"
From countries that rhyme with china, iran etc.
You can configure a simple standard ACL and permit IPs of hosts you want to allow the ssh from and deny everything else. You will just have to call the ACL in line vty.
well, it's on the port that connects to the WAN side of the router, and I don't think anything/one should be able to connect to it.
What would a simple ACL to do that look like?
You can configure simple ACL as:
access-list 1 permit host x.x.x.x
line vty 0 4
access-class 1 in
here: X.X.X.X is your management server IP address.
A standard acl applied using access-class on vty is certainly one solution. If G0/0 is the Internet facing Interface then perhaps it already has a screening acl applied and if so then there is the option to add statements denying inbound telnet and ssh.