8 Jan
2015
8 Jan
'15
11:21 a.m.
I run a software that watches the log book. It's called "Fail2Ban".
I have it watch many system logs including JNOS. I have it set to look for
3 failed attempts from the same IP address and then it bans that IP address
for a month.
It must ban at least 20-30 ip addresses a day. Most are from China.
Wm Lewis
KG6BAJ
At 07:37 AM 01/08/15, you wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Is it just my system ?
I'm seeing many many login attempts as root on telnet.
Are they targetting just 44 ?
Maiko / VE4KLM
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
8 Jan
8 Jan
11:32 a.m.
New subject: lots of telnet attacks from china, australia
Welcome to the connected world.
On Thu, Jan 8, 2015 at 8:21 AM, William Lewis <kg6baj(a)n1oes.org> wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> I run a software that watches the log book. It's called "Fail2Ban".
>
> I have it watch many system logs including JNOS. I have it set to look for
> 3 failed attempts from the same IP address and then it bans that IP address
> for a month.
>
> It must ban at least 20-30 ip addresses a day. Most are from China.
>
> Wm Lewis
> KG6BAJ
>
>
> At 07:37 AM 01/08/15, you wrote:
>
>> (Please trim inclusions from previous messages)
>> _______________________________________________
>>
>> Is it just my system ?
>>
>> I'm seeing many many login attempts as root on telnet.
>>
>> Are they targetting just 44 ?
>>
>> Maiko / VE4KLM
>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)hamradio.ucsd.edu
>> http://hamradio.ucsd.edu/mailman/listinfo/44net
>>
>
12:56 p.m.
New subject: lots of telnet attacks from china, australia
While not net-44 specific you are not alone
http://map.ipviking.com/
http://ocularwarfare.com/ipew/
On Thu, Jan 8, 2015 at 8:32 AM, Don Fanning <don(a)00100100.net> wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> Welcome to the connected world.
>
> On Thu, Jan 8, 2015 at 8:21 AM, William Lewis <kg6baj(a)n1oes.org> wrote:
>
> > (Please trim inclusions from previous messages)
> > _______________________________________________
> > I run a software that watches the log book. It's called
"Fail2Ban".
> >
> > I have it watch many system logs including JNOS. I have it set to look
> for
> > 3 failed attempts from the same IP address and then it bans that IP
> address
> > for a month.
> >
> > It must ban at least 20-30 ip addresses a day. Most are from China.
> >
> > Wm Lewis
> > KG6BAJ
> >
> >
> > At 07:37 AM 01/08/15, you wrote:
> >
> >> (Please trim inclusions from previous messages)
> >> _______________________________________________
> >>
> >> Is it just my system ?
> >>
> >> I'm seeing many many login attempts as root on telnet.
> >>
> >> Are they targetting just 44 ?
> >>
> >> Maiko / VE4KLM
> >>
> >> _________________________________________
> >> 44Net mailing list
> >> 44Net(a)hamradio.ucsd.edu
> >> http://hamradio.ucsd.edu/mailman/listinfo/44net
> >>
> >
1:47 p.m.
New subject: lots of telnet attacks from china, australia
I would say it is very expected to see all sorts of assaults on your
machines (bruteforcing, exploit attempts, etc). The Internet is constantly
bombarded with this stuff. It reminds you of why it is important to set up
your systems security right with things like SSH certificate
authentication, router ACLs, or firewalls.
For your situation, I would recommend writing an ACL that allows telnet (if
you use it) from just IPs you trust. Actually, I think you should drop ALL
packets to telent, personally, and use SSH in lieu of that.
Remember that these are public IP addresses, unprotected from any NAT you
may be used to!
-Andrew
Kc2LTO
On Thu, Jan 8, 2015 at 10:56 AM, K7VE - John <k7ve(a)k7ve.org> wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> While not net-44 specific you are not alone
>
> http://map.ipviking.com/
>
> http://ocularwarfare.com/ipew/
>
>
>
> On Thu, Jan 8, 2015 at 8:32 AM, Don Fanning <don(a)00100100.net> wrote:
>
> > (Please trim inclusions from previous messages)
> > _______________________________________________
> > Welcome to the connected world.
> >
> > On Thu, Jan 8, 2015 at 8:21 AM, William Lewis <kg6baj(a)n1oes.org> wrote:
> >
> > > (Please trim inclusions from previous messages)
> > > _______________________________________________
> > > I run a software that watches the log book. It's called
"Fail2Ban".
> > >
> > > I have it watch many system logs including JNOS. I have it set to look
> > for
> > > 3 failed attempts from the same IP address and then it bans that IP
> > address
> > > for a month.
> > >
> > > It must ban at least 20-30 ip addresses a day. Most are from China.
> > >
> > > Wm Lewis
> > > KG6BAJ
> > >
> > >
> > > At 07:37 AM 01/08/15, you wrote:
> > >
> > >> (Please trim inclusions from previous messages)
> > >> _______________________________________________
> > >>
> > >> Is it just my system ?
> > >>
> > >> I'm seeing many many login attempts as root on telnet.
> > >>
> > >> Are they targetting just 44 ?
> > >>
> > >> Maiko / VE4KLM
> > >>
> > >> _________________________________________
> > >> 44Net mailing list
> > >> 44Net(a)hamradio.ucsd.edu
> > >> http://hamradio.ucsd.edu/mailman/listinfo/44net
> > >>
> > >
3414
days inactive
3414
days old
3 comments
4 participants
participants (4)
-
Andrew Ragone (RIT Student) -
Don Fanning -
K7VE - John -
William Lewis