XSR Crashes on SSH2 Listener Task

Symptoms
  • XSR crashes frequently
  • Fault Report contains Crashed Task = SSH2_LISTENER
Environment
XSR
The router is listening for SSH, which is the default setting for all ports.
Cause
Most often this is a DoS attack that hits the router with a large number of SSH packets in a short time.
Resolution
Configuration choices are:
 
1.  Disable SSH globally from config mode, but this may shut down the ability to manage the router as SSH is generally the preferred method of access to the CLI.
ip ssh server disable
 
2.  Use an ACL to block SSH to the interface that is receiving the attack:
access-list 100 deny tcp any gt 1023 host (address of interface being attacked)  eq 22
access-list 100 deny udp any gt 1023 host (address of interface being attacked)  eq 22
access-list 100 permit ip any any


Apply this to the interface being attacked, typically the public-facing interface:
interface f2
ip access-group 100 in

 
3.  Configure the firewall to restrict where SSH connections may be made from:
ip firewall network Internet 0.0.0.0 mask 0.0.0.0 external
ip firewall network PUBLIC 192.0.2.1 mask 255.255.255.255 internal

ip firewall policy Block_SSH Internet PUBLIC SSH reject
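
The configuration choices above only protect the router if they are actually in effect. The following is an added example, not part of the original article and not vendor code: it audits a saved configuration for the three mitigations using only the command forms shown above. The function names, the constructed sample config, first-match ACL ordering, and the rule that `ip access-group` belongs to the most recent `interface` line are assumptions.

```python
import re

# Constructed sample: option 2's ACL is defined but never bound to an
# interface, so it filters nothing. Only command forms from the article appear.
SAMPLE_CONFIG = """\
access-list 100 deny tcp any gt 1023 host 192.0.2.1 eq 22
access-list 100 deny udp any gt 1023 host 192.0.2.1 eq 22
access-list 100 permit ip any any
interface f2
"""

def audit_ssh_mitigations(config):
    """Report which of the article's three SSH mitigations a config contains."""
    report = {"ssh_disabled": False, "acl_applied": {}, "acl_unapplied": [],
              "acl_shadowed": [], "firewall_reject": []}
    deny_acls, permit_all_seen, iface = [], set(), None
    for line in (l.strip() for l in config.splitlines()):
        if line == "ip ssh server disable":
            report["ssh_disabled"] = True
        elif m := re.match(r"access-list (\d+) permit ip any any$", line):
            permit_all_seen.add(m.group(1))
        elif m := re.match(r"access-list (\d+) deny tcp .*\beq 22$", line):
            acl = m.group(1)
            # Assumption: entries are evaluated top-down, first match wins, so
            # a deny placed after "permit ip any any" is never reached.
            if acl in permit_all_seen:
                report["acl_shadowed"].append(acl)
            elif acl not in deny_acls:
                deny_acls.append(acl)
        elif m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif m := re.match(r"ip access-group (\d+) in$", line):
            # Assumption: the binding belongs to the most recent "interface" line.
            if iface:
                report["acl_applied"].setdefault(m.group(1), []).append(iface)
        elif m := re.match(r"ip firewall policy (\S+) \S+ \S+ SSH reject$", line):
            report["firewall_reject"].append(m.group(1))
    bound = report["acl_applied"]
    report["acl_unapplied"] = [a for a in deny_acls if a not in bound]
    # Keep only bindings of ACLs that actually deny SSH.
    report["acl_applied"] = {a: i for a, i in bound.items() if a in deny_acls}
    return report

def is_mitigated(report):
    """True if at least one of the three mitigations is effective."""
    return bool(report["ssh_disabled"] or report["acl_applied"]
                or report["firewall_reject"])
```

An ACL listed under `acl_unapplied` or `acl_shadowed` is present in the configuration but does not stop SSH traffic from reaching the listener.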

 

 
Additional notes
The examples above are generic and do not necessarily represent how they would be implemented for a given router or network configuration.  Please contact the GTAC for detailed assistance.
 
 
