[HamWAN PSDR] Recently connected... Now being attacked?

Daniel Luechtefeld daniel.luechtefeld at gmail.com
Sun Dec 29 12:39:02 PST 2013


Having worked as a security-focused network engineer at a wireless ISP, I
can tell you that it's very likely an automated attack against the whole
address block in which you reside.

One way to harden yourself is to deploy two-factor authentication: password
and SSL certificate.

73, Daniel K7DGL


On Sun, Dec 29, 2013 at 12:21 PM, Jason Maher <jason at jmaher.org> wrote:

> Hi folks,
>
> I have recently connected to the PSDR from my QTH in Suquamish via the
> Capital Park node. My Metal 5SHPN is fed from a Puynting 31dBi Grid
> antenna. I have a 16.2 Mbps connection at 21.4 Kilometers!
>
> My concern is that it appears that someone is attempting to log into my
> router as root via SSH. There are multiple log entries every day citing
> "login failures". A whois on any of the IPs show up as originating from
> China.
>
> A few examples:
>
> 58.215.56.110
> 120.105.81.190
> 49.203.248.133
> 202.119.236.121
> 95.211.8.134
>
> I have applied the suggested scripts to blacklist an IP after several
> failed attempts. I also have a hardware firewall between the router and my
> LAN.
>
> Are these just normal internet hacking attempts from bots, or is there
> something else going on?
>
> Thanks!
>
> --Jason
> K7JMM
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20131229/53105f3c/attachment.html>


More information about the PSDR mailing list