You have a Linux server running on a custom network. There's an allow firewall rule with an IP filter of 0.0.0.0/0 with a protocol/port of tcp:22. The logs on the instance show a constant stream of attempts from different IP addresses, trying to connect via SSH. You suspect this is a brute force attack.
How might you change the firewall rule to stop this from happening and still enable access for legit users?
- Stop the instance.
- Deny all traffic to port 22.
- Change the port that SSH is running on in the instance and change the port number in the firewall rule.
- Change the IP address range in the filter to only allow known IP addresses.