Revision history [back]
 | 1 | initial version | posted 2014-02-05 14:45:56 +0200  |
add fail2ban to prevent ssh bruteforcing
Since a phone in developer mode is listening on port 22 for ssh on all interfaces (yes also on the 3g/LTE interface), bots are trying to bruteforce the login. At the moment it seems to only hit the root user and yes that is pretty futile, but we have seen bigger attacks where other user names where used earlier, so it's just a question of time before they will bruteforce the login for the nemo user as well.
Feb 05 13:22:47 awesomephone sshd[8341]: Failed password for root from 61.147.107.83 port 4565 ssh2
Feb 05 13:22:49 awesomephone sshd[8338]: Failed password for root from 61.147.107.83 port 3937 ssh2
Feb 05 13:22:52 awesomephone sshd[8338]: Failed password for root from 61.147.107.83 port 3937 ssh2
Feb 05 13:22:52 awesomephone sshd[8341]: Failed password for root from 61.147.107.83 port 4565 ssh2
I would therefor suggest having fail2ban or something similar, that would block ip's with more than X amount of failed logins.
| | 2 | No.2 Revision |
add fail2ban to prevent ssh bruteforcing
Since a phone in developer mode is listening on port 22 for ssh on all interfaces (yes also on the 3g/LTE interface), bots are trying to bruteforce the login. At the moment it seems to only hit the root user and yes that is pretty futile, but we have seen bigger attacks where other user names where used earlier, so it's just a question of time before they will bruteforce the login for the nemo user as well.
Feb 05 13:22:47 awesomephone sshd[8341]: Failed password for root from 61.147.107.83 port 4565 ssh2
Feb 05 13:22:49 awesomephone sshd[8338]: Failed password for root from 61.147.107.83 port 3937 ssh2
Feb 05 13:22:52 awesomephone sshd[8338]: Failed password for root from 61.147.107.83 port 3937 ssh2
Feb 05 13:22:52 awesomephone sshd[8341]: Failed password for root from 61.147.107.83 port 4565 ssh2
I would therefor suggest having fail2ban or something similar, that would block ip's with more than X amount of failed logins.
| | 3 | No.3 Revision |
add fail2ban to prevent ssh bruteforcing
Since a phone in developer mode is listening on port 22 for ssh on all interfaces (yes also on the 3g/LTE interface), bots are trying to bruteforce the login. At the moment it seems to only hit the root user and yes that is pretty futile, but we have seen bigger attacks where other user names where used earlier, so it's just a question of time before they will bruteforce the login for the nemo user as well.
Feb 05 13:22:47 awesomephone sshd[8341]: Failed password for root from 61.147.107.83 port 4565 ssh2
Feb 05 13:22:49 awesomephone sshd[8338]: Failed password for root from 61.147.107.83 port 3937 ssh2
Feb 05 13:22:52 awesomephone sshd[8338]: Failed password for root from 61.147.107.83 port 3937 ssh2
Feb 05 13:22:52 awesomephone sshd[8341]: Failed password for root from 61.147.107.83 port 4565 ssh2
I would therefor suggest having fail2ban or something similar, that would block ip's with more than X amount of failed logins.
edit: As proposed in the comments. An solution could also be to have sshd only listen on the wlan/usb device and not the wwan device. Even better would be if one could limit it to a specific wireless network. But i guess that could be error prone and one would not be able to use SSH to safe ones butt when the UI is unresponve(/broken by patches).