[arm-allstar] SSHD attacks

David McGough kb4fxc at inttek.net
Sat Jan 9 11:11:26 EST 2021


I'll post updated info about the hvutmptail filter and how to use it later 
today.


On Sat, 9 Jan 2021, Brad Trogdon wrote:

> Thanks for the tip!   A little more digging I did see that that note was a
> focus.   This one is non standard but somehow got found. :/
> 
> The filter helper you referenced how can I find info on that puppy?   And
> what started my looking is all of a sudden all my Reverse SSH connections
> are failing.  Love the hobby keeps me with things to do and investigate.
> 
> -Brad
> 
> On Sat, Jan 9, 2021 at 10:48 AM David McGough <kb4fxc at inttek.net> wrote:
> 
> >
> > Brad,
> >
> > I recommend changing the ssh server to use a non-standard port and then
> > adding some iptables filtering to limit excessive connections. I wrote a
> > small filter helper in C (hvutmptail program), which is very lightweight.
> >
> > I don't recommend running fail2ban on an RPi system, since fail2ban itself
> > can be a resource hog.
> >
> > 73, David KB4FXC
> >
> >
> > On Sat, 9 Jan 2021, "Brad Trogdon via ARM-allstar" wrote:
> >
> > > Howdy all,  Looking through the threads I don't see a direct answer.
> > >
> > > I am getting pounded by login attempts and have turned off the port.  My
> > > question is should I set up fail2ban or Sshguard to discourage open
> > > hammering?   Is there anything included in the HamVoIP image that I could
> > > take advantage of?
> > >
> > > -Brad W4INT
> > > _______________________________________________
> > >
> > > ARM-allstar mailing list
> > > ARM-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> > >
> >
> >
> 



More information about the ARM-allstar mailing list