[arm-allstar] NOTICE for user's with public ssh on port 222
stanley stanukinos
ka5iid at swbell.net
Mon Mar 6 15:57:50 EST 2023
Use fail to ban and input the blocks from those ranges. Drop all packets do not respond to icmp. They start their probing there.
Stan
Sent from my iPhone
> On Mar 6, 2023, at 2:39 PM, Joe Moskalski via ARM-allstar <arm-allstar at hamvoip.org> wrote:
>
> I have addressed this issue with 2 solutions. One is ban all the IP ranges
> from India, China and Russia in my firewall. It's not very surgical but
> it's effective. The other is setup a L2TP VPN and not make the SSH port
> open to the public only being able to access it through the VPN.
>
>> On Mon, Mar 6, 2023, 2:13 PM kd6gdb--- via ARM-allstar <
>> arm-allstar at hamvoip.org> wrote:
>>
>> Where did this get to? One of my private nodes has seemed to have become a
>> favorite in India with over 500 attempts per hour.
>>
>> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' |sort -u
>> 103.246.240.30
>> 104.168.64.249
>> 113.20.31.42
>> 119.93.23.178
>> 128.199.246.42
>> 134.17.89.159
>> 137.184.37.163
>> 164.163.104.184
>> 164.90.229.196
>> 167.233.7.218
>> 170.64.178.90
>> 177.72.99.10
>> 190.144.141.210
>> 192.241.157.114
>> 31.41.244.124
>> 36.255.221.147
>> 43.129.201.229
>> 47.243.106.91
>>
>> [root at Node1502 local]# uptime
>> 10:04:55 up * 1:06, * 1 user, load average: 0.11, 0.18, 0.17
>>
>> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' |wc
>> *505* 505 7296
>>
>> On Sun, Apr 5, 2020 at 7:38 PM "Al Beard via ARM-allstar" <
>> arm-allstar at hamvoip.org> wrote:
>>
>>> Hi,
>>>
>>> This will get you the SSHD info to check:
>>>
>>> journalctl _COMM=sshd -n 1000 > sshd.log
>>>
>>> Fedora linux uses "systemd" but still creates most of the "standard"
>>> unix log files such that sys-admin's scripts will still mostly work.
>>>
>>> I've been using Fedora on ARM systems because they put quite an effort
>>> into supporting many many boards AND I could move the root (/) filesystem
>>> onto a real hard disk either USB or SATA (as in the Banana Pi) and have
>> no
>>> and I mean NO SD card wear out problems.
>>> And, the kernel update process worked seamlessly. dnf -y upgrade
>>>
>>> My first Raspberry Pi version 1 with 256Mb ram would burn out an SD card
>>> in a day. Thus, with SATA disks everywhere I looked for a SoC with a SATA
>>> interface and found the Allwinner A20 chip on the Banana Pi board did.
>>>
>>> Alan VK2ZIW
>>>
>>> On Sun, 5 Apr 2020 17:31:47 -0700, \"Tony via ARM-allstar\" wrote
>>>> On 4/5/20 4:44 PM, "David McGough via ARM-allstar" wrote:
>>>>> ... I'll upload a copy of the code I'm using, if you'd like to
>>> experiment
>>>>> with it? This code will get wrapped into a package included in
>>> HamVoIP,
>>>>> ultimately.
>>>>
>>>> Is it essentially a Hamvoip-specific configuration for the fail2ban
>>> package?
>>>> _______________________________________________
>>>>
>>>> ARM-allstar mailing list
>>>> ARM-allstar at hamvoip.org
>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>
>>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>>
>>>
>>> ---------------------------------------------------
>>> Alan Beard
>>>
>>> OpenWebMail 2.53
>>>
>>> _______________________________________________
>>>
>>> ARM-allstar mailing list
>>> ARM-allstar at hamvoip.org
>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>
>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>>
>>
>>
>> --
>> Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, ß227,
>> "Any and all non solicited commercial E-mail sent to this address is
>> subject to a download and archival fee of $500.00 U.S.". E-mailing denotes
>> acceptance of these terms.
>> _______________________________________________
>>
>> ARM-allstar mailing list
>> ARM-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
More information about the ARM-allstar
mailing list