[arm-allstar] Does this look like someone is brute force attacking my node?

David McGough kb4fxc at inttek.net
Tue Feb 25 02:10:36 EST 2020


Yep, your system is under a brute-force attack against ssh, trying to 
guess a password to gain access.

ALSO, you're having a lot of "Under-voltage detected!" messages, complete
with "rpi_firmware_get_throttled" messages. YIKES! You definitely need a
beefier 5V power supply for the RPi!  Under voltage is a chief cause of
system crashes and SD card corruption.

For the ssh attack issue, the first step I recommend is using an obscure 
TCP port for ssh. Don't use any port ending with: 22. Try some port like: 
6358 or 13846, etc., etc. This simple measure will most likely completely 
stop the attacks.  If it doesn't stop the attacks, then adding some 
rate-limiting iptables rules would be a next step and that'll stop the 
attackers in their tracks.



73, David KB4FXC
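
One way to answer the original question from the logs, as an added example that is not part of the original post: count sshd `Failed password` lines per source address and list the sources above a threshold. The log lines are constructed samples (documentation address ranges), and the function names `sample_log` and `failed_by_ip` are hypothetical.

```shell
#!/bin/sh
# Constructed sshd log lines for illustration; not taken from the poster's paste.
sample_log() {
cat <<'EOF'
Feb 24 21:03:11 node sshd[1201]: Invalid user admin from 203.0.113.7 port 40122
Feb 24 21:03:13 node sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Feb 24 21:03:16 node sshd[1204]: Failed password for root from 203.0.113.7 port 40130 ssh2
Feb 24 21:03:19 node sshd[1207]: Failed password for invalid user pi from 203.0.113.7 port 40141 ssh2
Feb 24 21:03:22 node sshd[1210]: Failed password for invalid user from from 203.0.113.7 port 40150 ssh2
Feb 24 21:04:02 node sshd[1215]: Accepted password for repeater from 192.0.2.10 port 50022 ssh2
Feb 24 21:05:40 node sshd[1222]: Failed password for root from 198.51.100.23 port 33810 ssh2
Feb 24 21:05:44 node sshd[1225]: Failed password for invalid user test from 203.0.113.7 port 40163 ssh2
EOF
}

# failed_by_ip [THRESHOLD]
# Reads sshd log lines on stdin and prints "count address" for every source
# with at least THRESHOLD failed password attempts (default 5), busiest first.
# Only "Failed password" lines are counted, so the "Invalid user" line that
# sshd logs before each such failure is not counted twice.
failed_by_ip() {
    awk -v min="${1:-5}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the remote side and may itself
            # contain the word "from", so find the last "from" by scanning
            # right to left; the field after it is the source address.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: sources with 3 or more failures.
sample_log | failed_by_ip 3
```

A long list of sources with many failures each, spread over many user names, is the password-guessing pattern described above; a single failure from one address is more likely a typo.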

On Mon, 24 Feb 2020, "Matt Rhoades via ARM-allstar" wrote:

> I'm far from a network security guy.... but is this hundreds of attempts to
> ssh to my node with failed user/auth?
> 
> https://paste.ofcode.org/GFCYh8eZbVSwWExjiNWmZ