[arm-allstar] Node Compromised

Benjamin Naber Benjamin at KB9LFZ.com
Tue Jan 30 19:25:40 EST 2018


The Chinese are notorious for trying to get into anything with VoIP
ports open.

I see it all the time on the IP connection monitor at work.

If you have the ability to adjust how unwanted connection packets are
handled, the unwanted packets should be simply dropped, no return
reply.

I agree with Doug, enable the firewall if it is not behind another edge
router with a firewall already enabled.

If any of the above are true, you may have to enable IP blocked lists
at the router level.

If that is not possible, use fail2ban to auto block multiple connection
attempts from the same IP.

Learn how to use iptables and then block IP ranges from the offending
countries.

~Benjamin, KB9LFZ


On Tue, 2018-01-30 at 09:30 -0700, 
> Hi All,
> 
> Are any of you aware of active exploits in the wild for these nodes?
> Our node got compromised last night and started saturating a 1Gig
> link. I was working at the time so I was not able to investigate; I
> had to shut it down. I will throw a packet sniffer on it tonight and
> see what it's trying to get to. Just thought I'd give a shout out to
> the thread to see if anyone else is being targeted or is aware of
> exploits for hamvoip, echolink or allstar.
> 
> Thanks in advance for any help you can offer.
> 
> -- 
> Brian Marshall
> KE0LTD
> @pgp.mit.edu
> https://www.linkedin.com/in/bmarshallbri
> _______________________________________________
> 
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> 
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
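
The fail2ban suggestion in the reply above, sketched as an added example that is not part of the original post and is not fail2ban's own code: count failed attempts per source IP in a sliding time window and emit an iptables rule that silently drops offenders. The log format, thresholds and function names are assumptions made for illustration, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified, made-up format (not real
# Asterisk/AllStar output); addresses come from documentation ranges.
SAMPLE_LOG = """\
2018-01-30 03:10:01 auth failed from 203.0.113.7
2018-01-30 03:10:05 auth failed from 203.0.113.7
2018-01-30 03:10:09 auth failed from 198.51.100.20
2018-01-30 03:10:12 auth failed from 203.0.113.7
2018-01-30 03:55:00 auth failed from 198.51.100.20
2018-01-30 03:55:30 auth ok from 192.0.2.10
2018-01-30 04:40:00 auth failed from 198.51.100.20
"""
LINE_RE = re.compile(r"^(\S+ \S+) auth failed from (\S+)$")

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return IPs with >= max_retry failures inside any find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # successful logins and noise are ignored
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        try:
            # Validate before the value is ever placed in a firewall command.
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:   # expire failures outside window
            window.popleft()
        if len(window) >= max_retry and ip not in banned:
            banned.append(ip)
    return banned

def drop_rules(ips):
    """iptables commands that drop (rather than reject) each source."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(find_offenders(SAMPLE_LOG))))
```

The slow source (three failures spread over 90 minutes) stays under the default 10-minute window, which is the trade-off to tune when choosing the window length.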

