[arm-allstar] SSHD attacks
David McGough
kb4fxc at inttek.net
Sat Jan 9 11:11:26 EST 2021
I'll post updated info about the hvutmptail filter and how to use it later
today.
On Sat, 9 Jan 2021, Brad Trogdon wrote:
> Thanks for the tip! A little more digging I did see that that note was a
> focus. This one is non standard but somehow got found. :/
>
> The filter helper you referenced how can I find info on that puppy? And
> what started my looking is all of a sudden all my Reverse SSH connections
> are failing. Love the hobby keeps me with things to do and investigate.
>
> -Brad
>
> On Sat, Jan 9, 2021 at 10:48 AM David McGough <kb4fxc at inttek.net> wrote:
>
> >
> > Brad,
> >
> > I recommend changing the ssh server to use a non-standard port and then
> > adding some iptables filtering to limit excessive connections. I wrote a
> > small filter helper in C (hvutmptail program), which is very lightweight.
> >
> > I don't recommend running fail2ban on an RPi system, since fail2ban itself
> > can be a resource hog.
> >
> > 73, David KB4FXC
> >
> >
> > On Sat, 9 Jan 2021, "Brad Trogdon via ARM-allstar" wrote:
> >
> > > Howdy all, Looking through the threads I don't see a direct answer.
> > >
> > > I am getting pounded by login attempts and have turned off the port. My
> > > question is should I set up fail2ban or Sshguard to discourage open
> > > hammering? Is there anything included in the HamVoIP image that I could
> > > take advantage of?
> > >
> > > -Brad W4INT
> > > _______________________________________________
> > >
> > > ARM-allstar mailing list
> > > ARM-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> > >
> >
> >
>
More information about the ARM-allstar
mailing list