[arm-allstar] Does this look like someone is brute force attacking my node?

Doug Crompton wa3dsp at gmail.com
Tue Feb 25 14:14:59 EST 2020 

Please keep in mind that in most cases there is no reason to port forward
the ssh port unless you need or want control of your node from a remote
source. Most node operators do not, but they forward this port anyhow. If
you have only an occasional need for outside access then only forward for
that need. Also keep in mind that other than the additional traffic, using
a good random greater than 10 character upper/lower, numeric, special
character password is not going to get broken. They eventually give up.
Also the ssh process itself will slow them down.

So lets not make a big deal about this. It comes up like many other topics
on this list on a cyclic basis when someone complains. The for days it
becomes the topic of discussion. It has gone on forever and will go on
forever. No you can't trace with any reliability who it is so it is usually
not even worth the time trying.


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*

On Tue, Feb 25, 2020 at 1:53 PM "Don Backstrom - AA7AU via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

> On Tue 25-Feb-20 06:52, "kd6gdb--- via ARM-allstar" wrote:
> > Most of em are automated attacks from china.
>
>         As the admin for a number of publicly viewable [mostly low-volume]
> websites, I see lots and lots and lots of bot attacks, of all sorts,
> from IP addresses from all over the world, including from the good-old USA.
>
>         For most sites, I am able to block by underlying generally
> accurate
> country code for the IP range, but that doesn't stop the US-based
> attacks (whom I cannot block in toto). Many of those are from Amazon,
> GoDaddy, etc type hosting accounts and I suspect most of those accounts
> are throw-away. Many of the rest from the US seem to be from residential
> networks.
>
>         It's anyone guess who is behind any one one of these bot networks,
> but
> I can tell exactly where the fault lies ... those gentle innocent folks
> who have NOT properly protected* their home/small-biz computers/accounts
> - which then became infected by the bad guys and are now the hidden
> fortresses for those bot networks.
>
>         <opinion> *BTW: properly protected does NOT mean simply paying
> someone
> else for a glossy "Anti-whatever" package and understanding nothing
> about it. It also, in my mind at least, means NOT running Windows10
> unless you understand it and have fully secured it. M$ is a big part of
> the problem, certainly not the solution. </opinion>
>
>         If it's convenient, you're at risk (as well as everyone else)!
>
>         We have met the enemy and he is us!  (Pogo Papers, c. 1953)
>
>         Just another perspective,
>
>         - Don - AA7AU
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>

More information about the ARM-allstar mailing list