[arm-allstar] Selective IP Blocking

Benjamin Naber silver at julesenigma.com
Wed Feb 14 12:40:23 EST 2024


A possibly more elegant solution is actually to implement your firewall,
either using iptables on the node itself or at the router, and only allow
ports for IAX and SSH and block everything else inbound.

Benjamin, KB9LFZ


On Wed, Feb 14, 2024, 06:20 David McGough via ARM-allstar <
arm-allstar at hamvoip.org> wrote:

>
> ...In proofreading, the below should say:  ....which doesn't end in 22, 222
> -OR- 2222.   *sigh*   73, David K4FXC
>
>
> On Wed, 14 Feb 2024, David McGough via ARM-allstar wrote:
>
> >
> > The simplest solution to fix this issue is simply to change the SSH port
> > to some obscure port number which doesn't end in 22, 222 to 2222.  This
> > simple change will typically eliminate 99.99% of the attacks.  If the
> > attack issue persists, there are other techniques which will help further.
> >
> > But, for a simple, first step, just change the SSHD port.  This can be
> > done via the admin menu, option 8.  NOTE that if your node is behind a NAT
> > firewall (running on a private IP address), you may need to change the
> > port forwarding as set up in the router to the new port number, too.
> >
> >
> > 73, David K4FXC
> >
> >
> > On Tue, 13 Feb 2024, Lloyd Duck wrote:
> >
> > > It’s on the Linux logs on supermon where I’m seeing it.
> > >
> > > Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager --since "1 day ago" | /bin/sed -e "/sudo/ d"
> > > -----------------------------------------------------------------
> > > -- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13 09:17:51 CST. --
> > > Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
> > > Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
> > > Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
> > <snip>
> >
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >
>
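
Added example, not part of the original messages: the default-deny inbound firewall suggested at the top of this thread, written as a script that emits an iptables-restore ruleset. The IAX2 port (UDP 4569, the protocol default), the sample SSH port 2345 and the function names are assumptions, as is the premise that the node needs no other inbound service.

```shell
#!/bin/sh
# Added example (not from the thread): build a default-deny inbound ruleset
# that admits only IAX2 and SSH. Assumptions: IAX2 on UDP 4569, SSH on the
# TCP port passed in. Any other service the node exposes needs its own rule.

# valid_port N: succeed only for a plain integer in 1..65535.
valid_port() {
    case "${1:-}" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# gen_rules SSH_PORT [IAX_PORT]: print rules in iptables-restore format.
gen_rules() {
    ssh_port=${1:-}
    iax_port=${2:-4569}
    valid_port "$ssh_port" || { echo "bad SSH port: $ssh_port" >&2; return 1; }
    valid_port "$iax_port" || { echo "bad IAX port: $iax_port" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $iax_port -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -j ACCEPT
COMMIT
EOF
}

# Review, syntax-check, then load (as root), for example:
#   sh node-fw.sh 2345 > rules.v4
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
if [ "$#" -ge 1 ]; then
    gen_rules "$@"
fi
```

Load the rules from a console session or with a fallback in place: if the SSH port in the ruleset does not match the port sshd listens on, the node becomes unreachable over the network.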

