Configuring firewall to block an IP address.

AdrianH
Posts: 64
Joined: Thu 17 Oct 2013, 21:45
Location: Blackburn in the UK

#1 Post by AdrianH »

My puppy pc sits behind a router on the internal network but has 3 ports open to the world: port 22 for ssh and 2 for audio streams.

I saw the network LEDs flashing a lot the other night and did some investigations and finally used netstat -tp to show connections to my puppy pc, to find 3 ssh connections established from 218.28.24.238.

So I have run up the firewall and have added a few things in to what I saw was a line to block IP ranges.

So at present I have:

PERMIT="22/tcp 8000-8001/tcp 192.168.1.0/24"

INTERNAL_INTERFACES=""

BLACKLIST="218.28.0.0/16 218.29.0.0/16"

To get to this stage took this learner hours so should I have anything else set, have I got it correct?

Cheers

Adrian
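
Added example, not part of the original post or of the firewall script it configures: a POSIX shell check that lists the remote peers of established SSH connections and labels each one against the LAN and BLACKLIST ranges quoted above. It assumes numeric `netstat -tn` output; the function names, the local address 192.168.1.10 and every peer other than 218.28.24.238 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Sample netstat lines are constructed.
BLACKLIST="218.28.0.0/16 218.29.0.0/16"   # value from post #1
LAN="192.168.1.0/24"                      # LAN range from the PERMIT line

# Print dotted-quad $1 as an integer (assumes 64-bit shell arithmetic).
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside CIDR range $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Label an address: lan, blacklisted(<range>) or unlisted.
classify() {
    if in_cidr "$1" "$LAN"; then echo lan; return; fi
    for range in $BLACKLIST; do
        if in_cidr "$1" "$range"; then echo "blacklisted($range)"; return; fi
    done
    echo unlisted
}

# Read netstat -tn output on stdin; print "count ip" per ESTABLISHED peer of local port 22.
ssh_peers() {
    awk '$1 == "tcp" && $6 == "ESTABLISHED" && $4 ~ /:22$/ {
             sub(/:[0-9]+$/, "", $5); n[$5]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k2
}

# Print "ip connection-count label" for every SSH peer.
report() {
    ssh_peers | while read -r count ip; do
        echo "$ip $count $(classify "$ip")"
    done
}

SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         218.28.24.238:51234     ESTABLISHED
tcp        0      0 192.168.1.10:22         218.28.24.238:51240     ESTABLISHED
tcp        0      0 192.168.1.10:22         218.28.24.238:51302     ESTABLISHED
tcp        0      0 192.168.1.10:22         192.168.1.20:40022      ESTABLISHED
tcp        0      0 192.168.1.10:8000       203.0.113.7:39112       ESTABLISHED
tcp        0      0 192.168.1.10:22         198.51.100.9:44100      TIME_WAIT'
printf '%s\n' "$SAMPLE" | report
```

On a live machine, pipe `netstat -tn` into `report` instead of the sample; a peer labelled `unlisted` is one that neither range covers.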

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#2 Post by mikeb »

cheeky....

You have a strong password for puppy? He can try but he still has to get through that. Might be worth creating a user if your monitor can be run like that. (su --login would give you root again though I suppose that brings you back to the first point.)

Another thought might be to change the ssh port away from the standard one.

My router lets you set the WAN addresses permitted to open ports... and you are using fixed ip/dyndns so should be useable...ie you only allow your remote access and no one else.

mike

AdrianH
Posts: 64
Joined: Thu 17 Oct 2013, 21:45
Location: Blackburn in the UK

#3 Post by AdrianH »

My password for puppy certainly went up a notch!

I appreciate that just having a connection to the pc did not mean they had access, but they can sod off.

I was just thinking of what I am trying to do and as such I doubt I would ever be in China to access the PC hence I thought to just block off massive blocks. If I get another connection and it turned out to be another country I would now just do the same.

As you suggest I could map ports differently, i.e. use some obscure port and map it to 22 on the puppy, just not sure about say using ssh root@puppy:54321, if it would work.


Cheers

Adrian

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#4 Post by mikeb »

ssh -p 3456 blah ... looks like the syntax.
sshd -p 3456 blah...

Still think set router for your access only would be a good move.

I remember a fresh install of windows 2k had a trojan in 2 minutes of first connecting with a modem which came via port 135 (RPC) .... common ports are always targeted so moving the goalpost is usually a good idea. By the way a hack of rpcss fixed that hole :) but routers solve the problem (and netbios/samba holes) with having a built in firewall.

mike

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#5 Post by Flash »

Do you know about Shields Up! for testing your operating system, browser, router and firewall security settings?

https://www.grc.com/ShieldsUp!

(For some reason, the forum software doesn't recognize that as a legitimate URL, but I tested it and it is. You'll have to copy it and paste it into your browser's address window. Sorry for the inconvenience. :roll: )

tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#6 Post by tallboy »

Thank you for the link, Flash. I run a ZTE MF636 USB modem, and am given a new IP every time I log in.
Unless the ShieldsUP company is just a front for the Chinese gov. hacking dept., the test report made me feel a bit safer:

tallboy
[Attachment: ip-test.jpg]
True freedom is a live Puppy on a multisession CD/DVD.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#7 Post by mikeb »

What about those Norwegian gov hacking depts ;) .

SSH port is a common target from anywhere because of what can be done if someone can crack the password (that's it...nothing else to do) ... it's a bit like putting up a sign saying 'please come and get me' in neon hence has to be handled extra carefully.

mike

AdrianH
Posts: 64
Joined: Thu 17 Oct 2013, 21:45
Location: Blackburn in the UK

#8 Post by AdrianH »

mikeb wrote:
ssh -p 3456 blah ... looks like the syntax.
sshd -p 3456 blah...

Still think set router for your access only would be a good move.

mike

Would be easy if I always had the same ip address but not always the case.

No matter!

Adrian

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#9 Post by mikeb »

Hmm indeed... well perhaps limited to UK or that range you bought... or is that looking at things from the wrong end :D

mike
