[arm-allstar] Node Compromised

Doug Crompton wa3dsp at gmail.com
Tue Jan 30 11:49:42 EST 2018


Brian,

 Is your Allstar server behind a router or directly on the Internet? Any
server that is directly on the Internet and does not have any forward
firewall protection should have the firewall in the hamvoip code turned on
(enabled). This can be done in the /usr/local/etc/allstar.env file by
setting the firewall to "enabled" and rebooting. When enabled the
necessary Allstar ports are allowed but everything else is blocked.
Adjustments to rules (if you know what you are doing!) can be made in the
rules in the /etc/openvpn/firewall file.

The majority of Allstar users are nat'ed behind a router and should not
need to use the built-in firewall. By default it is disabled.


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio*



On Tue, Jan 30, 2018 at 11:30 AM, "Brian Marshall via arm-allstar" <
arm-allstar at hamvoip.org> wrote:

> Hi All,
>
> Are any of you aware of active exploits in the wild for these nodes? Our
> node got compromised last night and started saturating a 1Gig link. I was
> working at the time so I was not able to investigate; I had to shut it
> down. I will throw a packet sniffer on it tonight and see what it's trying
> to get to. Just thought I'd give a shout out to the thread to see if
> anyone else is being targeted or is aware of exploits for hamvoip, echolink
> or allstar.
>
> Thanks in advance for any help you can offer.
>
> --
> Brian Marshall
> KE0LTD
> @pgp.mit.edu
> <https://pgp.mit.edu/pks/lookup?op=get&search=0x100AB721E04E2412>
> https://www.linkedin.com/in/bmarshallbri
>
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
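
Added example, not part of the original messages and not hamvoip code: a small check for the condition Doug's reply describes, a node holding a public address while the built-in firewall setting in /usr/local/etc/allstar.env is not "enabled". The key name inside that file is not given in the thread, so the match on any key containing "firewall" is an assumption, and the demo addresses and file contents are constructed.

```shell
#!/bin/sh
# Added example. Assumptions are marked; sample values are constructed.

# Return 0 if an IPv4 address is not publicly routable
# (RFC 1918, CGNAT 100.64.0.0/10, loopback, link-local).
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
    esac
    return 1
}

# Print the lower-cased value of the firewall setting in an env-style file.
# ASSUMPTION: the post does not name the key, so this takes the first
# uncommented KEY=VALUE line whose key contains "firewall".
firewall_setting() {
    awk -F= '!/^[ \t]*#/ && tolower($1) ~ /firewall/ { print $2; exit }' "$1" |
        tr -d "\"' \t" | tr 'A-Z' 'a-z'
}

# exposure_verdict ENV_FILE ADDR...
# Returns 1 when the host holds a public address and the firewall is not enabled.
# Private-only addresses mean NAT, not safety: forwarded ports still reach the node.
exposure_verdict() {
    env_file=$1; shift
    public=""
    for a in "$@"; do
        is_private_ipv4 "$a" || public="$public $a"
    done
    state=$(firewall_setting "$env_file")
    if [ -z "$public" ]; then
        echo "OK: private addresses only, behind NAT (firewall=${state:-unset})"
    elif [ "$state" = "enabled" ]; then
        echo "OK: public address$public, firewall enabled"
    else
        echo "ACTION: public address$public, firewall=${state:-unset}"
        return 1
    fi
}

# Constructed demo: hypothetical key name, documentation-range public address.
demo=$(mktemp)
printf 'FIREWALL="disabled"\n' > "$demo"
exposure_verdict "$demo" 192.168.1.20 203.0.113.7 || true
rm -f "$demo"
```

On a node, the address list can come from `ip -4 -o addr show scope global`, passing the fourth field of each line with its prefix length stripped.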