Some Russian guy keeps trying to SSH into my router

>Some Russian guy keeps trying to SSH into my router

Russia stop it

Cyka blyat bydlo

why don't you just block his ip?
why don't you have fail2ban installed anyway?

>why don't you have fail2ban installed anyway?

PFSense

I'm too lazy to set up snort so I just disallowed SSH from the WAN

Russian guy was trying to brute force my router all night too

>chinese and russian ip's trying to ssh into my computer

What do they want?

>Not having a password complex enough to be immune to brute-forcing
ISHYGDDT

How do you guys see/check this?
My router is running OpenWRT.

>brute force

Do you allow password login? That's not good.

I saw a post several days ago on a Russian imageboard. They were discussing VPN and the best ways to get it.
now you know

Yeah. The password is 64 characters though

>having a SSH server running in the first place

Why not only use keys and have your local private key encrypted and password protected with your password?

Pretty much every IPv4 on the internet gets this. It's a hacked machine, that's all, scanning for other machines with easily-guessable passwords to hack and join the glorious (literal) botnet.

Try setting your sshd to only use the more secure ciphers. One example:
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]

Tune it right, and the result is that everything you use connects fine, and the scanners, well, they're still using old busted shit because they're looking for low-hanging fruit anyway:
Sep 29 18:50:41 chiaki sshd[17636]: fatal: Unable to negotiate with 221.229.172.76 port 13159: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Not that they'll ever succeed anyway, because obviously you use keys everywhere and have PasswordAuthentication no, right? But at least that way, it fails on initial banner exchange rather than after kex.
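For the "how do you see/check this?" question, an added example (not part of any post in the thread): a small parser that tallies sshd events per source IP and collects the key exchange algorithms that rejected clients offered. It assumes OpenSSH sshd syslog lines; apart from the line quoted above, the sample lines are constructed with documentation IP ranges, and the function names and the threshold of 3 are hypothetical.

```python
import re
from collections import Counter, defaultdict

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Sep 29 18:50:41 chiaki sshd[17636]: fatal: Unable to negotiate with 221.229.172.76 port 13159: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Sep 29 18:51:02 chiaki sshd[17640]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 29 18:51:05 chiaki sshd[17640]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Sep 29 18:51:09 chiaki sshd[17644]: Failed password for invalid user pi from 203.0.113.7 port 40310 ssh2
Sep 29 18:52:30 chiaki sshd[17651]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2: ED25519 SHA256:CONSTRUCTED
Sep 29 18:53:11 chiaki sshd[17660]: Invalid user oracle from 192.0.2.99 port 33210
"""

NEGOTIATE = re.compile(r"Unable to negotiate with (?P<ip>\S+) port \d+: "
                       r"no matching [\w ]+? found\. Their offer: (?P<offer>\S+)")
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")
INVALID = re.compile(r"Invalid user \S+ from (?P<ip>\S+)")

def summarize(log_text):
    """Return ({ip: Counter(event -> count)}, Counter(offered algorithm -> count))."""
    per_ip, offers = defaultdict(Counter), Counter()
    for line in log_text.splitlines():
        if " sshd[" not in line:          # ignore other daemons' lines
            continue
        if m := NEGOTIATE.search(line):   # dropped before authentication started
            per_ip[m["ip"]]["negotiation_rejected"] += 1
            offers.update(m["offer"].split(","))
        elif m := FAILED.search(line):    # a password guess actually reached sshd
            per_ip[m["ip"]]["failed_password"] += 1
        elif m := INVALID.search(line):   # username that does not exist locally
            per_ip[m["ip"]]["invalid_user"] += 1
    return per_ip, offers

def repeat_offenders(per_ip, threshold=3):
    """IPs with at least `threshold` password failures (a fail2ban-style condition)."""
    return sorted(ip for ip, c in per_ip.items() if c["failed_password"] >= threshold)

if __name__ == "__main__":
    per_ip, offers = summarize(SAMPLE_LOG)
    for ip, events in sorted(per_ip.items()):
        print(ip, dict(events))
    print("offered by rejected clients:", sorted(offers))
    print("ban candidates:", repeat_offenders(per_ip))
```

With PasswordAuthentication no there should be no failed_password events at all, so any that appear mean password login is still enabled somewhere.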

Isn't OpenWRT Linux based?

#tail /var/log/auth.log

Or something should do it

90% of embedded systems are linux-based

Literal botnet.

1) Disable SSH.
2) Block his IP with firewall.
3) Change port number SSH uses to a random one.

Any of those do. Chances are you really don't need to SSH into your router so just disable SSH.

Texashol'em before it was cool.

Backtrace him and call the Cyber Police.

>I'm too lazy to set up snort
Find an old machine and set up Smoothwall.
Mine stops a continuous fire of Chinese attacks.

If he is too lazy to click a dozen buttons to set up snort then I doubt he will do that.

and the federal and state police, this is his father and they dun goof'd.

>Not blocking every possible IP range in Russia
You're asking for it.

>look at server logs
>SSH attempts every minute for weeks
>change port from 22 to 23
>not a single attempt in months

Some of us already use port 23. Try a non-reserved port, dumbass.

OP: fail2ban

Well I don't so how am I a dumbass for doing it, you fucking moron? I'm not telling everyone to switch to port 23, I'm simply saying that after configuring SSH to not use the standard port the attempts stopped happening.

Eat a dick.

No u eat a dicks

Over 18 only, kiddo.

But that's telnet port

22 is already over 18, so what's your point?

Why do the chinese and russians try to hack us? What do they want to achieve?

Communism aka botnet.

they want to replace obama with putin

>not blocking the entirety of china and russia
>not blocking every country except the one you live in anyway

stfu

how do I know if there's a russian trying to ssh my router

or anyone in general

You ask the police, NSA, FBI or CIA to protect your router. That's what you pay them for.

For lulz, and other reasons.

I watched this good defcon lecture basically about hacker culture around the world, and the guy made several points, if I'm remembering this all correctly... Like how Chinese hackers may not like their government, but that doesn't mean they're not patriotic about China and its history (ironic the similarities, eh?). So they basically do it to fuck with Americans, the same way Americans might fuck with them.

Russian hackers are usually working for organized crime.

Lol

Ah I see. What type of shit do they do with your network? And how do they grab your IP?

ok hillary

>chinese and russian IPs means chinese and russian "hackers" are trying to hack me
are you guys tarded?

Are the botnets incapable of using nmap?

on pfSense, you actually have to enable ssh from WAN. it is disabled by default.

the better question is WHY THE FUCK IS SSH ON THE ROUTER ENABLED ON WAN

what the FUCK, OP?

I ran a home web server for a couple of years. I had to IP lock the whole of China. Apache logs were full of break-in attempts from there.

of course not, but there's just no real reason to check other ports when you get 95% of the results with port 22

>And how do they grab your IP?
there are only 2^32 IPs in IPv4, you can just generate random ones until something responds.
it's even lower than that, because shit like 10.0.0.0/8 is reserved etc.