[arm-allstar] Selective IP Blocking

David McGough kb4fxc at inttek.net
Wed Feb 14 07:16:10 EST 2024


The simplest solution to fix this issue is simply to change the SSH port 
to some obscure port number which doesn't end in 22, 222 to 2222.  This 
simple change will typically eliminate 99.99% of the attacks.  If the 
attack issue persists, there are other techniques which will help further.

But, for a simple, first step, just change the SSHD port.  This can be 
done via the admin menu, option 8.  NOTE that if your node is behind a NAT 
firewall (running on a private IP address), you may need to change the 
port forwarding as set up in the router to the new port number, too.


73, David K4FXC


On Tue, 13 Feb 2024, Lloyd Duck wrote:

> It’s on the Linux logs on supermon where I’m seeing it.
> 
> Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager --since "1 day ago" | /bin/sed -e "/sudo/ d"
> -----------------------------------------------------------------
> -- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13 09:17:51 CST. --
> Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
> Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
> Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
<snip>
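
An added example, not part of the original message: a shell function that tallies sshd "Invalid user" attempts per source IP from journal text like the lines quoted above, so the effect of a port change can be checked before and after. The function names and the sample lines other than the first two are constructed for illustration; usernames are attacker-controlled, so the source address is taken from the last `from <ip> port` group on each line.

```shell
#!/bin/sh
# Count sshd "Invalid user" attempts per source IP from journal text on stdin.
# Output: "<count> <ip>" per line, highest count first.
count_invalid_users() {
    awk '
        # Only sshd lines of the form shown in the quoted log:
        #   ... sshd[PID]: Invalid user NAME from IP port N
        /sshd\[[0-9]+\]: Invalid user / {
            # NAME is chosen by the remote side and may itself contain
            # "from ... port ...", so scan from the end of the line and
            # use the last "from <ip> port" group, which sshd wrote.
            for (i = NF - 2; i >= 1; i--) {
                if ($i == "from" && $(i + 2) == "port") {
                    hits[$(i + 1)]++
                    break
                }
            }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input. The first two lines are from the quoted log;
# the rest are made up, using documentation address ranges.
sample_log() {
    cat <<'EOF'
Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:35:01 W5AW sshd[32560]: Invalid user admin from 192.0.2.10 port 40000
Feb 12 09:35:03 W5AW sshd[32561]: Invalid user test from 192.0.2.10 port 40002
Feb 12 09:35:07 W5AW sshd[32562]: Invalid user x from 203.0.113.9 port 1 from 192.0.2.10 port 40004
Feb 12 09:36:00 W5AW sshd[32570]: Accepted publickey for repeater from 198.51.100.7 port 51000 ssh2
EOF
}

# Run on the sample. On a live node, feed it the journal instead:
#   journalctl --no-pager --since "1 day ago" | count_invalid_users
sample_log | count_invalid_users
```
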


