[arm-allstar] Does this look like someone is brute force attacking my node?
David McGough
kb4fxc at inttek.net
Tue Feb 25 02:10:36 EST 2020
Yep, your system is under a brute-force attack against ssh, trying to
guess a password to gain access.

ALSO, you're having a lot of "Under-voltage detected!" messages, complete
with "rpi_firmware_get_throttled" messages. YIKES! You definitely need a
beefier 5V power supply for the RPi! Under voltage is a chief cause of
system crashes and SD card corruption.

For the ssh attack issue, the first step I recommend is using an obscure
TCP port for ssh. Don't use any port ending with: 22. Try some port like:
6358 or 13846, etc., etc. This simple measure will most likely completely
stop the attacks. If it doesn't stop the attacks, then adding some
rate-limiting iptables rules would be a next step and that'll stop the
attackers in their tracks.

73, David KB4FXC

On Mon, 24 Feb 2020, "Matt Rhoades via ARM-allstar" wrote:
> I'm far from a network security guy.... but is this hundreds of attempts to
> ssh to my node with failed user/auth?
>
> https://paste.ofcode.org/GFCYh8eZbVSwWExjiNWmZ
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>
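
To check a node's own logs for the two conditions discussed in this message (repeated failed ssh logins and under-voltage warnings), the following is an added example, not part of the original post or of the HamVoIP distribution. The log lines are constructed samples in the usual sshd format with documentation-range addresses; the function names and the threshold argument are assumptions.

```shell
#!/usr/bin/env bash
# Constructed sample log lines (not taken from the paste linked in the thread).
sample_log() {
cat <<'EOF'
Feb 24 21:03:11 node sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Feb 24 21:03:14 node sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Feb 24 21:03:17 node sshd[1205]: Failed password for invalid user pi from 203.0.113.5 port 51246 ssh2
Feb 24 21:03:20 node sshd[1207]: Failed password for root from 203.0.113.5 port 51252 ssh2
Feb 24 21:03:23 node sshd[1209]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.5 port 51258 ssh2
Feb 24 21:04:02 node sshd[1210]: Failed password for invalid user test from 198.51.100.77 port 40022 ssh2
Feb 24 21:05:30 node sshd[1215]: Accepted password for repeater from 192.0.2.10 port 50500 ssh2
Feb 24 21:06:00 node kernel: Under-voltage detected! (0x00050005)
EOF
}

# failed_by_ip: read log lines on stdin, print "count ip" for every source
# address with failed password attempts, highest count first.
# The user name in the line is supplied by the remote side, so the address is
# taken after the LAST "from" token, not the first one.
failed_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password for / {
         for (i = NF - 1; i >= 1; i--)
           if ($i == "from") { n[$(i + 1)]++; break }
       }
       END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# noisy_sources THRESHOLD: read log lines on stdin, print only the addresses
# with at least THRESHOLD failed attempts.
noisy_sources() {
  failed_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# undervolt_count: read log lines on stdin, print how many kernel
# under-voltage warnings they contain.
undervolt_count() {
  grep -c 'Under-voltage detected!' || true
}
```

On a live system the same functions can be fed from the system log, for example `journalctl -u sshd | noisy_sources 5` on a systemd-based image.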