critical login failures! attack?

Hello!

I get several hundred login failures every night. The IP addresses where the attempts come from are different every night, otherwise I would block them. Obviously, the attempts did not succeed, but I was wondering if my router (2.9.5) is vulnerable at the moment. If so, what should I change?

Thanks,
Radu

oct/06 02:07:15 system,error,critical login failure for user Shadow from 217.199.184.176 via ssh
oct/06 02:07:15 system,error,critical login failure for user coffee from 217.199.184.176 via ssh
oct/06 02:07:16 system,error,critical login failure for user falcon from 217.199.184.176 via ssh
oct/06 02:07:17 system,error,critical login failure for user root from 217.199.184.176 via ssh
oct/06 02:07:18 system,error,critical login failure for user pepper from 217.199.184.176 via ssh

This is an SSH brute force attack.

Make sure you have secure passwords on your box for all users that are allowed SSH access.

To prevent these attacks, either block SSH from the Internet (you can allow it from specific management IPs) or move SSH to a different port, as this particular attack only targets TCP/22.

Regards

Andrew
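
Added example, not part of the original thread: a short Python script that parses log lines in the format quoted above and flags any source address that tries several different usernames in a short burst, which is the pattern that marks these entries as password guessing rather than a mistyped login. The function names, the thresholds (3 usernames in 60 seconds) and the extra constructed log line are assumptions made for the example.

```python
import re
from collections import defaultdict

# The five log lines quoted in the thread.
THREAD_LOG = """\
oct/06 02:07:15 system,error,critical login failure for user Shadow from 217.199.184.176 via ssh
oct/06 02:07:15 system,error,critical login failure for user coffee from 217.199.184.176 via ssh
oct/06 02:07:16 system,error,critical login failure for user falcon from 217.199.184.176 via ssh
oct/06 02:07:17 system,error,critical login failure for user root from 217.199.184.176 via ssh
oct/06 02:07:18 system,error,critical login failure for user pepper from 217.199.184.176 via ssh
"""
# Constructed line (not from the thread): one failed login from a documentation address.
CONSTRUCTED_LOG = "oct/06 09:12:40 system,error,critical login failure for user admin from 192.0.2.10 via ssh\n"

# The username is chosen by the remote side, so anchor the source address and
# service at the end of the line and let the username absorb everything else.
LINE_RE = re.compile(
    r"^(?P<date>\w{3}/\d{2}) (?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) \S+ "
    r"login failure for user (?P<user>.*) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) via (?P<svc>\S+)$"
)

def group_failures(log_text):
    """Map (date, source, service) -> list of (second_of_day, username)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            groups[(m["date"], m["src"], m["svc"])].append((t, m["user"]))
    return groups

def flag_guessing(log_text, min_users=3, window=60):
    """Sources that tried >= min_users distinct names within `window` seconds.

    Returns {(date, source, service): total failures}. Thresholds are
    assumptions to tune; bursts that straddle midnight are split by date.
    """
    flagged = {}
    for key, events in group_failures(log_text).items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({user for _, user in events[start:end + 1]}) >= min_users:
                flagged[key] = len(events)
                break
    return flagged

if __name__ == "__main__":
    for (date, src, svc), n in flag_guessing(THREAD_LOG + CONSTRUCTED_LOG).items():
        print(f"{date} {src} via {svc}: {n} failures, username guessing")
```

Counting distinct usernames per source, rather than raw failures, keeps a single user who forgot a password from being flagged alongside a dictionary run.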

Hi there! This might be a dumb question or suggestion, but can you see the MAC address of the attacker? If you can, isn’t there a way you could firewall that MAC? If anyone has any idea, let me know too. I know you can do MAC filtering on wireless interfaces, but can it be done on the ethernet and internet side too?

This was previously discussed at http://forum.mikrotik.com/t/is-somebody-hacking-my-system/3451/1

Just had to note it was not “previously” discussed (my post was several hours before the other post). But, solution is more important than order, so we can just move to that topic.

The better way to avoid the described things is to configure firewall input rules and allow access to the router only for a few users/IP addresses.