[HamWAN PSDR] Recently connected... Now being attacked?
Nigel Vander Houwen
nigelvh at gmail.com
Wed Jan 1 10:12:13 PST 2014
Hello Jason,
I'm actually going to have to contradict Bart on one aspect here, and
strongly suggest moving ssh back to the original port. The way hamwan is
designed for the "shared admin" model where myself and a couple other
individuals who are the admins for the network, doesn't agree well with
devices having non-standard configs.
Not that changing a port in and of itself is a bad idea, I've done it a
number of times, but it makes the job of the admins a nightmare when trying
to manage the network and figure out what port ssh is running on for User
A's modem.
Can I suggest instead that you create a firewall rule that limits SSH to
the hamwan address space when coming in over the wireless interface?
Something like
ip firewall filter add action=accept dst-port=22 src-address=44.24.240.0/20
protocol=tcp chain=input in-interface=w0
is probably along the lines of what you'd be looking at. This still limits
the attempts at your modem, but still allows for the admins to update or
configure your modem as needed.
P.S. Welcome to the network!
Thanks!
Nigel
K7NVH
On Mon, Dec 30, 2013 at 12:39 PM, Jason Maher <jason at jmaher.org> wrote:
> Thanks for the suggestions guys,
>
> I changed the ssh port from the default and installed a SSL certificate.
>
> Bart:
> I discovered the firewall rules on Mikrotik's wiki after a little Googling.
> Here is the URL: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention
>
> No need to block anything on your edge routers. "Kill all internet", I
> like that! :-)
>
> --Jason
> K7JMM
>
>
> On 12/29/2013 12:39 PM, Daniel Luechtefeld wrote:
>
>> Having worked as a security-focused network engineer at a wireless ISP, I
>> can tell you that it's very likely an automated attack against the whole
>> address block in which you reside.
>> One way to harden yourself is to deploy two-factor authentication:
>> password and SSL certificate.
>> 73, Daniel K7DGL
>>
>>
>>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
--
Nigel Vander Houwen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20140101/90029be5/attachment.html>
More information about the PSDR
mailing list