Hello,

I have a lot of "deny" events followed by other "allow" events, all of them to port 22 (SSH) from remote hosts to several IPs in my Untrust and DMZ zones.

<14>Jun 24 04:01:17 fw2orgt 1,2015/06/24 04:01:16,0003C102047,TRAFFIC,drop,0,2015/06/24 04:01:16,46.228.199.253,213.0.58.124,0.0.0.0,0.0.0.0,rule76,,,not-applicable,vsys1,Untrust,Untrust,ethernet1/3,,ACUNTIA,2015/06/24 04:01:16,0,1,43007,22,0,0,0x0,tcp,deny,74,74,0,1,2015/06/24 04:01:17,0,any,0,418084793,0x0,DE,ES,0,1,0

http://www.abuseipdb.com/report-history/46.228.199.253
https://cymon.io/46.228.199.253

Categories for this IP 46.228.199.253: Hacking, FTP Brute-force,

The "rule76" is the last in my security policy rules:

These attempts could indicate an SSH attack (SSH Port Scan, Brute Force SSH, etc.), and more so if the source IPs have a bad reputation.

Reputation of the other source IPs:

http://www.abuseipdb.com/report-history/1.24.247.113
https://cymon.io/1.24.247.113
http://www.abuseipdb.com/report-history/123.212.190.217
https://cymon.io/123.212.190.217
http://www.abuseipdb.com/report-history/91.200.14.96
https://cymon.io/91.200.14.96
http://www.abuseipdb.com/report-history/192.3.108.133
https://cymon.io/192.3.108.133

Actually I have this Zone Protection Profile in my firewall:

And I applied it to my Untrust zone:

How to Avoid Remote SSH Scan?

I appreciate any help with this issue.

Regards,
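An added example, not part of the original post: a small triage script that parses TRAFFIC syslog lines like the one quoted above and lists sources denied on tcp/22 at several destinations, together with any destinations where the same source was allowed on tcp/22. The field positions are counted from the post's log line; the function names, the `min_targets` threshold, `rule12` and the documentation-range addresses are assumptions made for the example.

```python
import csv
from collections import defaultdict

# 0-based CSV positions, counted from the TRAFFIC line quoted in the post.
TYPE, SRC, DST, RULE, DPORT, PROTO, ACTION = 3, 7, 8, 11, 25, 29, 30

# The log line from the post, unchanged.
POST_LINE = ("<14>Jun 24 04:01:17 fw2orgt 1,2015/06/24 04:01:16,0003C102047,TRAFFIC,"
             "drop,0,2015/06/24 04:01:16,46.228.199.253,213.0.58.124,0.0.0.0,0.0.0.0,"
             "rule76,,,not-applicable,vsys1,Untrust,Untrust,ethernet1/3,,ACUNTIA,"
             "2015/06/24 04:01:16,0,1,43007,22,0,0,0x0,tcp,deny,74,74,0,1,"
             "2015/06/24 04:01:17,0,any,0,418084793,0x0,DE,ES,0,1,0")

def parse_traffic(line):
    """Return the fields of interest from a TRAFFIC syslog line, else None."""
    parts = line.split(None, 4)  # "<pri>Mon", day, time, host, CSV payload
    if len(parts) < 5:
        return None
    f = next(csv.reader([parts[4]]))
    if len(f) <= ACTION or f[TYPE] != "TRAFFIC":
        return None
    return {"src": f[SRC], "dst": f[DST], "rule": f[RULE],
            "dport": f[DPORT], "proto": f[PROTO], "action": f[ACTION]}

def ssh_scan_sources(lines, min_targets=3):
    """Sources denied on tcp/22 at >= min_targets distinct destinations,
    with any destinations where the same source was allowed on tcp/22."""
    denied, allowed = defaultdict(set), defaultdict(set)
    for ev in filter(None, map(parse_traffic, lines)):
        if ev["proto"] == "tcp" and ev["dport"] == "22":
            bucket = allowed if ev["action"] == "allow" else denied
            bucket[ev["src"]].add(ev["dst"])
    return {s: {"denied": sorted(d), "allowed": sorted(allowed[s])}
            for s, d in denied.items() if len(d) >= min_targets}

def constructed(src, dst, action, rule):
    """Constructed sample line: the post's line with four fields swapped."""
    head = POST_LINE.split(None, 4)
    f = head[4].split(",")
    f[SRC], f[DST], f[ACTION], f[RULE] = src, dst, action, rule
    return " ".join(head[:4] + [",".join(f)])

# Constructed sample: documentation-range addresses, hypothetical rule12.
SAMPLE = [POST_LINE] + [constructed("203.0.113.10", d, "deny", "rule76")
                        for d in ("198.51.100.1", "198.51.100.2", "198.51.100.3")]
SAMPLE.append(constructed("203.0.113.10", "198.51.100.20", "allow", "rule12"))
if __name__ == "__main__":
    for src, hits in ssh_scan_sources(SAMPLE).items():
        print(src, hits)
```

A non-empty "allowed" list is the part worth reviewing first: it shows where a source that is being dropped elsewhere reaches SSH through an earlier rule.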