[arm-allstar] Selective IP Blocking

Anthony (N2KI) n2ki.ham at gmail.com
Wed Feb 14 22:10:07 EST 2024


I was looking at IP Tables and it is sunsetted according to what I read. So
I am not sure I want to add a package that will no longer be supported.



Anthony
  N2KI

On Wed, Feb 14, 2024, 20:10 Benjamin Naber via ARM-allstar <
arm-allstar at hamvoip.org> wrote:

> A possibly more elegant solution is to actually implement your firewall, either
> using IP tables on the node itself or at the router, and only allow ports
> for IAX and SSH and block everything else inbound.
>
> Benjamin, KB9LFZ
>
>
> On Wed, Feb 14, 2024, 06:20 David McGough via ARM-allstar <
> arm-allstar at hamvoip.org> wrote:
>
> >
> > ...In proofreading, the below should say:  ....which doesn't end in 22, 222
> > -OR- 2222.   *sigh*   73, David K4FXC
> >
> >
> > On Wed, 14 Feb 2024, David McGough via ARM-allstar wrote:
> >
> > >
> > > The simplest solution to fix this issue is simply to change the SSH port
> > > to some obscure port number which doesn't end in 22, 222 to 2222.  This
> > > simple change will typically eliminate 99.99% of the attacks.  If the
> > > attack issue persists, there are other techniques which will help further.
> > >
> > > But, for a simple, first step, just change the SSHD port.  This can be
> > > done via the admin menu, option 8.  NOTE that if your node is behind a NAT
> > > firewall (running on a private IP address), you may need to change the
> > > port forwarding as set up in the router to the new port number, too.
> > >
> > >
> > > 73, David K4FXC
> > >
> > >
> > > On Tue, 13 Feb 2024, Lloyd Duck wrote:
> > >
> > > > It’s on the Linux logs on supermon where I’m seeing it.
> > > >
> > > > Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager --since "1 day ago" | /bin/sed -e "/sudo/ d"
> > > > -----------------------------------------------------------------
> > > > -- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13 09:17:51 CST. --
> > > > Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
> > > > Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
> > > > Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
> > > <snip>
> > >
> > > _______________________________________________
> > >
> > > ARM-allstar mailing list
> > > ARM-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> > >
> >
>

