[arm-allstar] Selective IP Blocking

David McGough kb4fxc at inttek.net
Wed Feb 14 07:20:26 EST 2024


...In proofreading, the below should say:  ....which doesn't end in 22, 222 
-OR- 2222.   *sigh*   73, David K4FXC


On Wed, 14 Feb 2024, David McGough via ARM-allstar wrote:

> 
> The simplest solution to fix this issue is simply to change the SSH port 
> to some obscure port number which doesn't end in 22, 222 to 2222.  This 
> simple change will typically eliminate 99.99% of the attacks.  If the 
> attack issue persists, there are other techniques which will help further.
> 
> But, for a simple, first step, just change the SSHD port.  This can be 
> done via the admin menu, option 8.  NOTE that if your node is behind a NAT 
> firewall (running on a private IP address), you may need to change the 
> port forwarding as set up in the router to the new port number, too.
> 
> 
> 73, David K4FXC
> 
> 
> On Tue, 13 Feb 2024, Lloyd Duck wrote:
> 
> > It’s on the Linux logs on supermon where I’m seeing it.
> > 
> > Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager --since "1 day ago" | /bin/sed -e "/sudo/ d"
> > -----------------------------------------------------------------
> > -- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13 09:17:51 CST. --
> > Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
> > Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
> > Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
> <snip>
> 
> _______________________________________________
> 
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> 
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> 
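
To check whether the port change actually cut down the probing, the "Invalid user" lines shown in the quoted journalctl output can be tallied per source address. The script below is an added example, not part of the original thread or of the HamVoIP tools; the function names, the threshold of 3 and the sample log (documentation-range addresses, host name NODE) are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the journalctl format quoted in the thread.
# Addresses are from documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Feb 12 09:34:14 NODE sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:34:15 NODE sshd[32556]: Invalid user ic from 203.0.113.7 port 49302
Feb 12 09:34:15 NODE sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:35:02 NODE sshd[32571]: Invalid user admin from 203.0.113.7 port 50110
Feb 12 09:36:40 NODE sshd[32590]: Invalid user test from 198.51.100.23 port 41822
Feb 12 09:37:11 NODE sshd[32601]: Invalid user  from 203.0.113.7 port 50544
Feb 12 09:40:00 NODE sshd[32655]: Accepted publickey for repeater from 192.0.2.10 port 51000 ssh2
"""

# The username may be empty, in which case sshd leaves two spaces before "from".
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*?) ?from (?P<ip>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
)

def summarize_invalid_users(log_text):
    """Return {source_ip: {"attempts": n, "users": sorted usernames tried}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue  # successful logins and unrelated sshd lines are ignored
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user") or "<empty>")
    return {ip: {"attempts": e["attempts"], "users": sorted(e["users"])}
            for ip, e in stats.items()}

def noisy_sources(log_text, threshold=3):
    """IPs with at least `threshold` invalid-user attempts, busiest first."""
    summary = summarize_invalid_users(log_text)
    hits = [(ip, s["attempts"]) for ip, s in summary.items() if s["attempts"] >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    # Pipe real journalctl output in, or run with no input to use the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for ip, s in summarize_invalid_users(text).items():
        print(f"{ip}: {s['attempts']} attempts, users tried: {', '.join(s['users'])}")
    print("over threshold:", noisy_sources(text))
```

Running it on a day of logs before and after moving the SSHD port gives a direct comparison of how many sources are still probing the node.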


