[arm-allstar] NOTICE for users with public ssh on port 222

kd6gdb at gmail.com kd6gdb at gmail.com
Mon Mar 6 17:43:18 EST 2023


Thanks to all,

I like the fail2ban solution and use it a lot for my other servers but am
concerned with the overhead. Obviously the double-edged sword here is what
uses more resources, the constant pounding on my poor little RPi3 node from
bots around the world that think I am the back door to the "NORAD
supercomputer known as WOPR (War Operation Plan Response, pronounced
"whopper"), programmed to continuously run war simulations and learn over
time" - see the movie WARGAMES (1983) for background or moving dull ham
radio audio from the world's most obnoxious repeater in Los Angeles.

On Mon, Mar 6, 2023 at 1:47 PM stanley stanukinos via ARM-allstar <
arm-allstar at hamvoip.org> wrote:

> Use fail2ban and input the blocks from those ranges. Drop all packets,
> do not respond to ICMP. They start their probing there.
>
> Stan
>
> Sent from my iPhone
>
> > On Mar 6, 2023, at 2:39 PM, Joe Moskalski via ARM-allstar <
> > arm-allstar at hamvoip.org> wrote:
> >
> > I have addressed this issue with 2 solutions. One is to ban all the IP
> > ranges from India, China and Russia in my firewall. It's not very
> > surgical but it's effective. The other is to set up an L2TP VPN and not
> > make the SSH port open to the public, only being able to access it
> > through the VPN.
> >
> >> On Mon, Mar 6, 2023, 2:13 PM kd6gdb--- via ARM-allstar <
> >> arm-allstar at hamvoip.org> wrote:
> >>
> >> Where did this get to? One of my private nodes seems to have become a
> >> favorite in India with over 500 attempts per hour.
> >>
> >> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' | sort -u
> >>
> >> [root at Node1502 local]# uptime
> >> 10:04:55 up  1:06,  1 user,  load average: 0.11, 0.18, 0.17
> >>
> >> [root at Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' |wc
> >>    *505*     505    7296
> >>
> >> On Sun, Apr 5, 2020 at 7:38 PM "Al Beard via ARM-allstar" <
> >> arm-allstar at hamvoip.org> wrote:
> >>
> >>> Hi,
> >>>
> >>> This will get you the SSHD info to check:
> >>>
> >>> journalctl _COMM=sshd -n 1000 > sshd.log
> >>>
> >>> Fedora linux uses "systemd" but still creates most of the "standard"
> >>> unix log files such that sys-admin's scripts will still mostly work.
> >>>
> >>> I've been using Fedora on ARM systems because they put quite an effort
> >>> into supporting many many boards AND I could move the root (/)
> >>> filesystem onto a real hard disk either USB or SATA (as in the Banana
> >>> Pi) and have no and I mean NO SD card wear out problems.
> >>> And, the kernel update process worked seamlessly. dnf -y upgrade
> >>>
> >>> My first Raspberry Pi version 1 with 256Mb ram would burn out an SD
> >>> card in a day. Thus, with SATA disks everywhere I looked for a SoC
> >>> with a SATA interface and found the Allwinner A20 chip on the Banana
> >>> Pi board did.
> >>>
> >>> Alan VK2ZIW
> >>>
> >>> On Sun, 5 Apr 2020 17:31:47 -0700, "Tony via ARM-allstar" wrote
> >>>> On 4/5/20 4:44 PM, "David McGough via ARM-allstar" wrote:
> >>>>> ... I'll upload a copy of the code I'm using, if you'd like to
> >>>>> experiment with it?  This code will get wrapped into a package
> >>>>> included in HamVoIP, ultimately.
> >>>>
> >>>> Is it essentially a Hamvoip-specific configuration for the fail2ban
> >>>> package?
> >>>> _______________________________________________
> >>>>
> >>>> ARM-allstar mailing list
> >>>> ARM-allstar at hamvoip.org
> >>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>>>
> >>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >>>
> >>>
> >>> ---------------------------------------------------
> >>> Alan Beard
> >>>
> >>> OpenWebMail 2.53
> >>>
> >>
> >>
> >> --
> >> Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, §227,
> >> "Any and all non solicited commercial E-mail sent to this address is
> >> subject to a download and archival fee of $500.00 U.S.". E-mailing
> >> denotes acceptance of these terms.


-- 
Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, §227,
"Any and all non solicited commercial E-mail sent to this address is
subject to a download and archival fee of $500.00 U.S.". E-mailing denotes
acceptance of these terms.
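
Added example, not part of the original thread or of HamVoIP: one way to turn the sshd journal text that the quoted `journalctl _COMM=sshd` command saves into a per-address count of failed password attempts, the figure the thread estimates from /var/log/btmp. It goes slightly beyond the thread by also counting IPv6 sources, which the `grep -v '[a-zA-Z]'` filter would drop; the function names, the host name "node" and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally failed SSH password attempts per source address.
# Input is sshd journal text, e.g. the sshd.log written by
#   journalctl _COMM=sshd -n 1000 > sshd.log
LC_ALL=C; export LC_ALL

# Constructed sample lines (documentation-range addresses, hypothetical host "node").
sample_log() {
cat <<'EOF'
Mar 06 09:01:10 node sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar 06 09:01:14 node sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Mar 06 09:02:31 node sshd[2110]: Invalid user pi from 198.51.100.7 port 51234
Mar 06 09:02:33 node sshd[2110]: Failed password for invalid user pi from 198.51.100.7 port 51234 ssh2
Mar 06 09:02:40 node sshd[2112]: Failed password for invalid user from from 198.51.100.7 port 51240 ssh2
Mar 06 09:03:02 node sshd[2115]: Accepted publickey for root from 203.0.113.5 port 60022 ssh2
Mar 06 09:04:40 node sshd[2120]: Failed password for root from 192.0.2.10 port 40188 ssh2
Mar 06 09:05:12 node sshd[2124]: Failed password for root from 2001:db8::1 port 40200 ssh2
EOF
}

# count_failures: sshd log text on stdin -> "count address", busiest first.
# The address is read from the fixed tail "from ADDR port N ssh2", so a user
# name that itself contains "from" cannot shift the field.
count_failures() {
  awk '/sshd\[[0-9]+\]: Failed password for / &&
       $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
       END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# offenders MIN: addresses with at least MIN failures (candidates for a block list).
offenders() {
  count_failures | awk -v min="$1" '$1 >= min { print $2 }'
}

# Stand-alone run: print the tally for the constructed sample.
sample_log | count_failures
```

On a real node the input would be `count_failures < sshd.log`; successful logins and "Invalid user" notices are deliberately not counted, so each failed attempt is tallied once.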

