Loading ...
Sorry, an error occurred while loading the content.

Re: attacked linkstation

Expand Messages
  • James Stewart
    ... I installed blockhosts from http://www.aczoom.com/cms/blockhosts on mine which uses TCP wrappers to monitor and ban attackers. The problem is that I
    Message 1 of 5 , Jan 3, 2006
    • 0 Attachment
      --- In LinkStation_General@yahoogroups.com, "michael_harper75"
      <cain171562@g...> wrote:
      >
      > I was just reading some logs and i found out that somebody from the IP
      > 210.202.54.11 was trying to brute force ssh into my linkstation. I
      > was wondering what i could do send a message. Nmap reveals his ftp
      > and ssh ports are open as well. My password is pretty strong but, I
      > dont like it.
      >

      I installed "blockhosts" from http://www.aczoom.com/cms/blockhosts on
      mine which uses TCP wrappers to monitor and ban attackers. The
      problem is that I don't have it working correctly yet. Perhaps you
      might take a look at it and/or work with the Author on it. In my case
      blockhosts seems to leave its "lock" file in place, and perhaps its
      SSH-log search string doesn't match the one my version of SSH put into
      the "auth" log.
    • Arias Hung
      ... You might wanna consider running ssh (or dropbear) on an unconventional port as well as port 22 imo is too conspicuous. I have dropbear, for
      Message 2 of 5 , Jan 4, 2006
      • 0 Attachment
        On Tue, 03 Jan 2006, michael_harper75 delivered in simple text monotype:

        >I was just reading some logs and i found out that somebody from the IP
        >210.202.54.11 was trying to brute force ssh into my linkstation. I
        >was wondering what i could do send a message. Nmap reveals his ftp
        >and ssh ports are open as well. My password is pretty strong but, I
        >dont like it.
        <---snip--->

        You might wanna consider running ssh (or dropbear) on an unconventional port as well as port 22 imo is too conspicuous.

        I have dropbear, for instance running on 50,482. Not that anyone that's scanning on all 60,000 ports will necessarily miss it, but most do.
      Your message has been successfully submitted and would be delivered to recipients shortly.