[arm-allstar] Selective IP Blocking

David McGough kb4fxc at inttek.net
Wed Feb 14 22:31:01 EST 2024


iptables isn't going anywhere!  It is true that the actual kernel modules
(AKA: netfilter) have evolved to become nftables (and the nft command),
which can be considered a superset of the more limited functionality
originally found in iptables.

Since nft is a superset, the original iptables commands are now simply
internally mapped to the nft equivalents.  I expect that the iptables
command syntax and functionality will be here for the foreseeable future
and it most certainly is still fully supported as of now.

All this being said, if the SSHD is being attacked, the simple and
effective solution is simply to change the TCP port used.  There is no
reason to overcomplicate the solution!  ....If changing ports doesn't
resolve the attack issues, then as a next step add a capable firewall,
which will certainly resolve this concern.



73, David K4FXC


On Wed, 14 Feb 2024, Anthony (N2KI) via ARM-allstar wrote:

> I was looking at IP Tables and it is sunsetted according to what I read. So
> I am not sure I want to add a package that will no longer be supported.



Anthony
  N2KI

On Wed, Feb 14, 2024, 20:10 Benjamin Naber via ARM-allstar <
arm-allstar at hamvoip.org> wrote:

> A possibly more elegant solution is to actually implement your firewall, either
> using IP tables on the Node itself or at the router, and only allow ports
> for IAX and SSH and block everything else inbound.
>
> Benjamin, KB9LFZ
>
>
> On Wed, Feb 14, 2024, 06:20 David McGough via ARM-allstar <
> arm-allstar at hamvoip.org> wrote:
>
> >
> > ...In proofreading, the below should say:  ....which doesn't end in 22, 222
> > -OR- 2222.   *sigh*   73, David K4FXC
> >
> >
> > On Wed, 14 Feb 2024, David McGough via ARM-allstar wrote:
> >
> > >
> > > The simplest solution to fix this issue is simply to change the SSH port
> > > to some obscure port number which doesn't end in 22, 222 to 2222.  This
> > > simple change will typically eliminate 99.99% of the attacks.  If the
> > > attack issue persists, there are other techniques which will help further.
> > >
> > > But, for a simple, first step, just change the SSHD port.  This can be
> > > done via the admin menu, option 8.  NOTE that if your node is behind a NAT
> > > firewall (running on a private IP address), you may need to change the
> > > port forwarding as set up in the router to the new port number, too.
> > >
> > >
> > > 73, David K4FXC
> > >
> > >
> > > On Tue, 13 Feb 2024, Lloyd Duck wrote:
> > >
> > > > It’s on the Linux logs on supermon where I’m seeing it.
> > > >
> > > > Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager --since "1 day ago" | /bin/sed -e "/sudo/ d"
> > > > -----------------------------------------------------------------
> > > > -- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13 09:17:51 CST. --
> > > > Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
> > > > Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
> > > > Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
> > > <snip>
> > >
> > > _______________________________________________
> > >
> > > ARM-allstar mailing list
> > > ARM-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> > >
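
The two steps discussed in this thread (reading the sshd journal lines, then firewalling to SSH and IAX only) can be sketched together as follows. This is an added example, not code from any poster or from HamVoIP; the sample log lines are constructed, and the SSH port 48613 and IAX port 4569/udp are assumptions to be replaced with the node's own settings.

```sh
#!/bin/sh
# Added example, not from the thread. Tallies sshd "Invalid user" lines per
# source IP, then prints (never applies) iptables rules for review.

# Constructed sample in the journal format quoted in the thread; addresses
# are RFC 5737 documentation ranges, NODE is a placeholder hostname.
sample_log() {
cat <<'EOF'
Feb 12 09:34:15 NODE sshd[32556]: Invalid user ic from 203.0.113.7 port 49302
Feb 12 09:34:15 NODE sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:35:02 NODE sshd[32561]: Invalid user admin from 203.0.113.7 port 49410
Feb 12 09:36:40 NODE sshd[32570]: Invalid user test from 198.51.100.23 port 51822
Feb 12 09:37:11 NODE sshd[32575]: Invalid user x from 192.0.2.10 from 203.0.113.7 port 49555
Feb 12 09:40:00 NODE sshd[32580]: Accepted publickey for repeater from 192.0.2.10 port 40022
EOF
}

# offenders MIN: print "count ip" for sources with >= MIN invalid-user lines.
# The user name is remote-supplied text, so the address is taken from the
# fixed trailing fields ("from IP port N"), never from the first "from".
offenders() {
  awk -v min="$1" '
    / sshd\[[0-9]+\]: Invalid user / && $(NF-1) == "port" && $(NF-3) == "from" {
      ip = $(NF-2)
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# print_rules MIN SSH_PORT IAX_PORT: drop repeat offenders, allow only SSH
# and IAX inbound, then default-deny. The policy line comes last so a remote
# session is not cut off while the rules are being loaded.
print_rules() {
  offenders "$1" | while read -r _count ip; do
    echo "iptables -A INPUT -s $ip -j DROP"
  done
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -p tcp --dport $2 -j ACCEPT"
  echo "iptables -A INPUT -p udp --dport $3 -j ACCEPT"
  echo "iptables -P INPUT DROP"
}

# Assumed ports: 48613 is a constructed SSH port; 4569/udp is the IAX2 default.
sample_log | print_rules 3 48613 4569
```

On a live node the same functions can be fed from the journalctl command quoted above in place of sample_log; the printed rules are meant to be read before any of them is run as root.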


