Argh! My Dynex just went south for a permanent vacation, and I did a GRC port scan and failed because I have port 22 open.
What vulnerabilities am I faced with until I replace my router, or how can I configure my firewall to be closed to the internet but available to the LAN?
Your router’s web (typically) interface should let you stop forwarding
port 22 by just disabling port forwarding. How you do so depends on the
model of the router. Try accessing it (192.168.1.1 as an example IP
address) and once in look for something that talks about port forwarding.
Good luck.
VcDeveloper1 wrote:
> Argh! My Dynex just went south for a permanent vacation, and I did a GRC
> port scan and failed because I have port 22 open.
>
> What vulnerabilities am I faced with until I replace my router, or how
> can I configure my firewall to be closed to the internet but available
> to the LAN?
What I mean is, my router doesn’t work, so my server is directly connected to my modem. So how do you effectively configure the firewall to block incoming connections from the internet without removing SSH from the Allowed Services?
Find the ‘Secure Shell’ or ‘SSH’ or whatever service and remove it from
the list of allowed services. This, of course, assumes your firewall
(rcSuSEfirewall2) service is enabled like it should be.
Good luck.
VcDeveloper1 wrote:
> What I mean is, my router doesn’t work, so my server is directly
> connected to my modem. So how do you effectively configure the firewall
> to block incoming connections from the internet without removing SSH from
> the Allowed Services?
Aaaawh! Guess what! I found out why my router supposedly crashed: either it was because of the two CPUs fighting over connection time because they both had the same IP address, or someone was flooding my ISP IP address.
My connection to the internet was reduced to a crawl. I had hardly any to no speed at all. Well, I reset my router, fixed the colliding IPs, waited a couple of days, hooked everything back up, and now everything is fine!
Any input on any or all of these symptoms causing my internet connection to drop like this?
I would advise you to change the port for the SSH service from 22 to a higher range (over 5000, let’s say). It is a known fact that there are lots of individuals who will sniff for the default ports (in the lower range) and then will try different algorithms to log in using lists of different user names. It is also important that your password is not the same as the user ID or the default (admin, unix11 comes to my mind).
Check /var/log/messages with this small script(either run it as admin or copy the file to your user - don’t forget about rights/ownership of the file).
This will give you the IPs that tried to sniff you and the number of attempts:
grep 'Invalid user' /var/log/messages | awk '{ip_array[$10]++} END {for (ip_address in ip_array) {print "FROM", ip_address, "there were", ip_array[ip_address], "attempts"}}'
Here is an example of what I got:
FROM 95.154.229.197 there were 2 attempts
FROM 61.218.59.243 there were 122 attempts
FROM 75.101.29.7 there were 62 attempts
FROM 72.55.143.45 there were 236 attempts
FROM 124.254.31.84 there were 54 attempts
FROM 217.74.116.2 there were 2 attempts
FROM 218.16.143.93 there were 61 attempts
FROM 211.183.3.240 there were 6 attempts
FROM 211.49.168.167 there were 267 attempts
FROM 119.148.8.55 there were 127 attempts
FROM 81.93.186.153 there were 28 attempts
FROM 218.80.221.51 there were 207 attempts
FROM 209.20.76.252 there were 1452 attempts
The firewall and the router need to be set up to change the port. This will not prevent hackers from trying, but it is less likely that they will sniff the port that easily if it’s in a higher range. If you need help, ask and someone can guide you through setting it up.
Good luck!
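
An added example, not part of the posts above: a more defensive variant of the log check that finds the source address by position after "from" instead of a fixed field number, and avoids counting one attempt twice. It assumes the traditional syslog layout with the process name in field 5; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes traditional syslog layout:
# "Mon DD HH:MM:SS host sshd[pid]: message" (process name in field 5).

# Constructed sample lines; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Jan 10 03:14:07 server sshd[4211]: Invalid user admin from 203.0.113.5
Jan 10 03:14:09 server sshd[4211]: Failed password for invalid user admin from 203.0.113.5 port 51514 ssh2
Jan 10 03:14:12 server sshd[4215]: Invalid user test from 203.0.113.5
Jan 10 03:14:15 server sshd[4217]: Failed password for root from 198.51.100.23 port 40022 ssh2
Jan 10 03:15:01 server sshd[4220]: Accepted password for alice from 192.0.2.10 port 50100 ssh2
Jan 10 03:15:30 server sshd[4222]: Invalid user from from 192.0.2.77
Jan 10 03:16:02 server kernel: Invalid user request ignored from 192.0.2.99
EOF
}

# failed_ssh_by_ip MIN [FILE...]: print "count ip" for sources with >= MIN
# failed attempts, busiest first. Reads stdin when no FILE is given.
failed_ssh_by_ip() {
    min=$1; shift
    awk -v min="$min" '
    index($5, "sshd") != 1 { next }          # ignore non-sshd lines
    # "Failed password for invalid user" repeats an attempt already logged
    # as "Invalid user", so it is skipped to avoid double counting.
    / Invalid user / || (/ Failed password for / && !/ for invalid user /) {
        ip = ""
        # The user name is supplied by the client and may itself contain
        # "from", so take the token after the LAST "from" on the line.
        for (i = 6; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip != "") hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$@" | sort -rn
}

# Demo on the constructed sample: every source with at least one failure.
sample_log | failed_ssh_by_ip 1
```

On a real host, pass the log file and a threshold instead of the sample, for instance `failed_ssh_by_ip 5 /var/log/messages`, run with enough rights to read the file.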