I would say it is very expected to see all sorts of assaults on your machines (bruteforcing, exploit attempts, etc). The Internet is constantly bombarded with this stuff. It reminds you of why it is important to set up your systems security right with things like SSH certificate authentication, router ACLs, or firewalls.

For your situation, I would recommend writing an ACL that allows telnet (if you use it) from just IPs you trust. Actually, I think you should drop ALL packets to telent, personally, and use SSH in lieu of that.

Remember that these are public IP addresses, unprotected from any NAT you may be used to!

-Andrew Kc2LTO

On Thu, Jan 8, 2015 at 10:56 AM, K7VE - John k7ve@k7ve.org wrote:

(Please trim inclusions from previous messages) _______________________________________________ While not net-44 specific you are not alone

http://map.ipviking.com/

http://ocularwarfare.com/ipew/

On Thu, Jan 8, 2015 at 8:32 AM, Don Fanning don@00100100.net wrote:

...

(Please trim inclusions from previous messages) _______________________________________________ Welcome to the connected world.

On Thu, Jan 8, 2015 at 8:21 AM, William Lewis kg6baj@n1oes.org wrote:

...

(Please trim inclusions from previous messages) _______________________________________________ I run a software that watches the log book. It's called "Fail2Ban".

I have it watch many system logs including JNOS. I have it set to look

for

...

3 failed attempts from the same IP address and then it bans that IP

address

...

for a month.

It must ban at least 20-30 ip addresses a day. Most are from China.

Wm Lewis KG6BAJ

At 07:37 AM 01/08/15, you wrote:

...

(Please trim inclusions from previous messages) _______________________________________________

Is it just my system ?

I'm seeing many many login attempts as root on telnet.

Are they targetting just 44 ?

Maiko / VE4KLM

---

44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net