Last week, one of our customers asked, "Can I report on SSH activity which may be using non-standard ssh ports?". They told us that someone scanned the firewall and found that port 10022 was open. They then used this open port to communicate via SSH to an internal server. From here they could the access any part of the network.
As you can see from the below screenshot, it was possible to create a report and we found someone was using SSH over TCP port 10022.
To set up the 'SSH activity on Non-Standard Ports' report, just follow these steps:
- Type Top Server Ports into the right hand report finder and then choose Bandwidth :: Top Server Ports.
- Use SSH (Secure Shell Protocol) as the CBAR protocol.
- Use !22 in the Server Port filter.
- Click View.
If you have any questions about any aspect of LANGuardian reporting, please contact us on firstname.lastname@example.org at any time.
You can view all archived tips & tricks emails on our community forum here.
Be the first to post a reply!