SSHd and SSHGuard logs in pfSense
-
Hello,
I have recently seen the following logs in our pfSense logs (System/General). Not sure if the screenshot is OK and normal or if there is something going on. I looked at the system and I don't see anything unusual yet.
-
@unififcf do you have something that monitors or discovers, something looking on your network for stuff listening on ssh?
That is one of your local IPs 192.168.120.20
-
On that PC, we did have a monitor, but not looking specifically for SSH connections, just packet captures in general. We also had PuTTY on there, but that's really it.
I removed everything I saw on the local machine, but didn't see anything else related to SSH.
Since I am not well versed here, I just don't know what to say.
-
@unififcf Well, clearly something from that IP is hitting the pfSense IP. Maybe look on that box for what is making the connection.
netstat can be used on both Windows and Linux to find the PID of what is making a connection, to track down what is causing the connection attempts.
-
Would rumble.run app be doing that? I do use that for network discovery.
-
@unififcf said in SSHd and SSHGuard logs in pfSense:
I do use that for network discovery.
hehe - yeah, quite possible. I don't know that app specifically, but if it's used for network discovery it's quite likely it's talking to IPs on common services, etc., to see if they listen.
-
You have been such a huge help!
That pointed me in the right direction... I just chatted with the rumble team and this is the response:
"We do probe ssh and send a username, but we do NOT send a password (so it's not a full login attempt)."
-
@unififcf can you adjust it so it doesn't check pfsense for ssh?
-
@johnpoz
Yes sir, they said that I can disable that. It is a huge burden off my shoulders.
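
Added example, not part of the thread: a small Python triage script that groups sshd and SSHGuard log lines by source IP and separates a username-only probe (as the rumble team describes) from actual password guessing. The log lines are constructed samples in OpenSSH/SSHGuard syslog style, not the lines from the screenshot, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH / SSHGuard syslog style (not from the thread's screenshot).
SAMPLE_LOG = """\
Jan 10 09:15:01 pfSense sshd[4211]: Invalid user admin from 192.168.120.20 port 51234
Jan 10 09:15:01 pfSense sshd[4211]: Connection closed by invalid user admin 192.168.120.20 port 51234 [preauth]
Jan 10 09:15:01 pfSense sshguard[881]: Attack from "192.168.120.20" on service SSH with danger 10.
Jan 10 09:20:44 pfSense sshd[4302]: Invalid user test from 203.0.113.7 port 40022
Jan 10 09:20:46 pfSense sshd[4302]: Failed password for invalid user test from 203.0.113.7 port 40022 ssh2
Jan 10 09:20:49 pfSense sshd[4302]: Failed password for invalid user test from 203.0.113.7 port 40022 ssh2
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+) port \d+")
FAILED_PW = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
SSHGUARD = re.compile(r'sshguard\[\d+\]: Attack from "([^"]+)" on service')


def summarize(log_text):
    """Per source IP: usernames tried, password failures, SSHGuard attack hits."""
    stats = defaultdict(lambda: {"usernames": set(), "failed_passwords": 0, "sshguard_attacks": 0})
    for line in log_text.splitlines():
        if m := INVALID_USER.search(line):
            stats[m.group(2)]["usernames"].add(m.group(1))
        elif m := FAILED_PW.search(line):
            stats[m.group(2)]["usernames"].add(m.group(1))
            stats[m.group(2)]["failed_passwords"] += 1
        elif m := SSHGUARD.search(line):
            stats[m.group(1)]["sshguard_attacks"] += 1
    return dict(stats)


def classify(ip, entry):
    """Label a source by origin (RFC 1918 or not) and whether a password was ever sent."""
    addr = ipaddress.ip_address(ip)
    origin = "internal" if any(addr in net for net in RFC1918) else "external"
    kind = "password guessing" if entry["failed_passwords"] else "username-only probe"
    return f"{origin} {kind}"


if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, classify(ip, entry), sorted(entry["usernames"]), entry["sshguard_attacks"])
```

An internal source that only ever shows "Invalid user" lines with no "Failed password" entries fits the scanner behaviour described in the thread; the process behind it on that host can then be confirmed with netstat as suggested above.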