[arm-allstar] NOTICE for users with public ssh on port 222

David McGough kb4fxc at inttek.net
Sun Apr 5 11:29:21 EDT 2020


Hi Everyone,

Over the recent weeks there has been a HUGE increase in Internet hacking
attempts targeting ALL Internet visible ssh servers on ports 22, 222 and
other ports ending in "22." 

In general, this hacking is unsuccessful at gaining system access,
assuming that you used a good quality root password!  However, while not
gaining system access, this hacking can still generate a Denial of Service
condition for users. The way it does this is by filling up logfiles (e.g.:  
/var/log/btmp), causing filesystem out-of-space related errors. Hacking
can also cause audio quality problems (dropped packets) due to the sheer
volume of hacking related network traffic.

Fortunately, there are some simple solutions. First, if you don't really
need ssh visible to the Internet, just block ssh access at your Internet
router.

A second method is to change the ssh port from 222 to some obscure port;
maybe like: 19876. While "hiding" the port isn't considered the best
strategy, it does work very effectively FOR NOW, remembering that hackers
continually adapt their techniques.

Third, to help mitigate this issue no matter what ssh port you use, we're
adding some very lightweight tools to HamVoIP to monitor various files
(e.g.:  /var/log/btmp) and automatically block hacking attempts using
iptables. This code is being tested now and will be released soon. More 
details to follow about this.


Stay home and stay healthy!

73, David KB4FXC
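
An added illustration of the log-monitoring approach described in the third point of the message; it is not the HamVoIP tool, which the message says is still being tested. It assumes the standard 384-byte glibc btmp record layout; the function names, threshold and allowlist are hypothetical, the sample records are constructed, and it only builds iptables commands rather than running them.

```python
import ipaddress
import struct
from collections import Counter

# Assumption: glibc's 384-byte little-endian struct utmp (Linux on ARM/x86).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20s")

def failed_sources(btmp_bytes):
    """Count failed-login records per source address in raw btmp data."""
    counts = Counter()
    usable = len(btmp_bytes) - len(btmp_bytes) % UTMP.size  # skip a torn tail
    for rec in UTMP.iter_unpack(btmp_bytes[:usable]):
        addr = rec[11]  # ut_addr_v6: peer address in binary form
        if addr == bytes(16):
            continue  # no network peer recorded (e.g. console login)
        # An IPv4 peer uses the first 4 bytes and leaves the other 12 zero.
        ip = ipaddress.ip_address(addr[:4] if addr[4:] == bytes(12) else addr)
        counts[ip] += 1
    return counts

def block_rules(counts, port, threshold=5, allow=()):
    """Build DROP commands for sources with at least `threshold` failures."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    rules = []
    for ip, n in sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0]))):
        trusted = any(ip.version == net.version and ip in net for net in allowed)
        if n < threshold or trusted:
            continue  # never lock out your own networks
        tool = "iptables" if ip.version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {ip} -p tcp --dport {port} -j DROP")
    return rules

def _rec(user, ip):
    """Pack one constructed btmp record (ut_type 6 = LOGIN_PROCESS)."""
    return UTMP.pack(6, 4242, b"ssh:notty", b"", user, ip.encode(),
                     0, 0, 0, 0, 0, ipaddress.ip_address(ip).packed, b"")

# Constructed sample data (documentation/private addresses), not a real log.
SAMPLE = (b"".join(_rec(b"root", "203.0.113.7") for _ in range(6))
          + _rec(b"admin", "198.51.100.9") * 2
          + _rec(b"pi", "192.168.1.10") * 8)

if __name__ == "__main__":
    # On a live system, read /var/log/btmp (root only) instead of SAMPLE.
    for rule in block_rules(failed_sources(SAMPLE), port=222,
                            allow=["192.168.1.0/24"]):
        print(rule)
```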



