Soorma Posted February 14, 2014

Anyone else seeing this? My firewall reported that my "server ip" is getting a brute force ssh attack. The attack is coming from China IPs.

Thanks
-Soorma
stanza Posted February 14, 2014

Any computer connected to the net is going to see attacks. Me personally, I don't have anything accessible to the net...
Soorma Posted February 15, 2014

> Any computer connected to the net is going to see attacks. Me personally, I don't have anything accessible to the net...

My firewall, cctv camera server & Diskstation 212+ also have open ssh ports, but the attack was only going to the Xpenology box ip. I did have the default mac address / SN# but I changed it last night.
jokies Posted February 15, 2014

Change MAC and S/N and they will be gone. Otherwise change the default port; having common ports opened on the default port number is not a good idea.
fgullama Posted February 15, 2014

I set my MAC address to native for my card and randomized the other three dummy MACs. I also changed the SSH port as well. That stopped everything for a couple of weeks, but I did see some fresh IP blocks yesterday in my logs (I block after five failed attempts)... Definitely changing to a non default port cut way way down on the attacks though.

Frank
DHD Posted February 17, 2014

I changed the MAC address, SN, default ports and SN but am still being attacked from a China IP (218.6.6.70 => Fuzhou, Fujian, China). Please teach me how to check whether someone has successfully attacked my NAS or not?
XPEH Posted February 17, 2014

[Attachment: Capture.PNG]
Soorma Posted February 17, 2014

> [Attachment: Capture.PNG]

Change your ssh port number from 22 to something else and then auto block IPs after 3-4 failed tries, etc.
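Added example, not part of any post in this thread: one way to check whether a brute force run ended in a successful login, and which sources would trip a block-after-N-failures rule like the ones mentioned above. The log lines are constructed in OpenSSH's usual message format with documentation IP ranges; the file sshd logs to on your box is an assumption you need to check.

```shell
#!/bin/sh
# Constructed sample lines in the OpenSSH log format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Feb 17 03:12:01 nas sshd[1201]: Failed password for root from 203.0.113.7 port 40111 ssh2
Feb 17 03:12:03 nas sshd[1202]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 17 03:12:05 nas sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Feb 17 03:12:07 nas sshd[1204]: Failed password for admin from 203.0.113.7 port 40114 ssh2
Feb 17 03:12:09 nas sshd[1205]: Failed password for admin from 203.0.113.7 port 40115 ssh2
Feb 17 03:12:11 nas sshd[1206]: Accepted password for admin from 203.0.113.7 port 40116 ssh2
Feb 17 08:30:00 nas sshd[1300]: Failed password for admin from 192.0.2.10 port 50000 ssh2
Feb 17 08:30:09 nas sshd[1301]: Accepted password for admin from 192.0.2.10 port 50001 ssh2
Feb 17 09:00:00 nas sshd[1302]: Failed password for root from 198.51.100.23 port 51000 ssh2
EOF
}

# Print "count ip" for every source with failed password attempts, busiest first.
failed_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password for / {
         ip = ""
         # The username is chosen by the client, so the LAST "from" token is the real one.
         for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
         if (ip != "") n[ip]++
       }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print "ip user failures" for password logins accepted from a source that had
# already failed at least $1 times: the pattern of a guess that finally worked.
# Lines are read in log order, so only failures BEFORE the login are counted.
suspect_logins() {
  awk -v min="$1" '
    /sshd\[[0-9]+\]: (Failed|Accepted) password for / {
      ip = ""; user = ""
      for (i = 1; i < NF; i++) if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
      if ($0 ~ /: Failed password for /) fails[ip]++
      else if (fails[ip] >= min) print ip, user, fails[ip]
    }'
}

# Run on the constructed sample; on a real system feed the sshd log on stdin.
sample_log | suspect_logins 5
```

An empty result from `suspect_logins` means no password login followed a burst of failures from the same address; it does not cover key-based logins or other services.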
phoenix73 Posted May 7, 2014

Did you use OpenVPN or PPTP client? Only eth0 is protected by firewall ;(
shackwove Posted May 7, 2014

For an added layer you can forward a port in your router to your SSH port on DSM. Your router's config would look like this:

External port: 35775
Internal port: 22

Now you only have to connect to it using ssh -p 35775 user@ip

You can also disable the ability to ssh as root; this is common practice on any ssh box. You can then log in as, say, "admin" and then switch to root if you have to. DSM is particular though, and we have to change something first or we won't be able to switch user afterwards.

1. Login as ssh root@dsm
2. Change permissions on /bin/su with chmod a+s /bin/su
3. Try it, login with ssh admin@dsm
4. Type su
5. Enter password and type whoami < this should return "root"
6. Disable root login in /etc/ssh/sshd_config
   As root user do vi /etc/ssh/sshd_config
   Locate the line that says #PermitRootLogin yes
   Press insert and edit it so it looks like "PermitRootLogin no"
   Press escape and type ":wq" and press enter
7. In the web GUI, Control Panel > Terminal > Disable SSH and apply > Enable SSH and apply
8. Try to connect as root, it shouldn't let you anymore, so connect as admin

That's it, nobody can connect to your DSM as root any longer but you still have root capabilities!
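Added example, not part of the post above: a check that the edit in step 6 actually took effect before you rely on it. It reads an sshd_config on stdin and reports the value sshd would use from the global section, where comment lines are ignored, keywords are case-insensitive and the first occurrence wins. The function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples: step 6 done wrong (the "#" was left in place) and done right.
config_commented() { printf '%s\n' 'Port 22' '#PermitRootLogin no'; }
config_fixed() {
  printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'permitrootlogin no' 'PermitRootLogin yes'
}

# Print the effective global value of keyword $1 from the sshd_config on stdin.
# Prints nothing when the keyword is not set outside a Match block.
sshd_effective() {
  awk -v key="$1" '
    { sub(/^[ \t]+/, "") }                  # leading whitespace is allowed
    /^#/ || NF == 0 { next }                # comments and blank lines
    tolower($1) == "match" { exit }         # Match blocks are conditional, stop here
    tolower($1) == tolower(key) { print $2; exit }   # first occurrence wins
  '
}

# Summarise root login over ssh: "disabled", "unset" or "allowed:<value>".
# "unset" means sshd falls back to its built-in default, so the edit did nothing.
root_login_status() {
  value=$(sshd_effective PermitRootLogin)
  case "$value" in
    no) echo "disabled" ;;
    "") echo "unset" ;;
    *)  echo "allowed:$value" ;;
  esac
}

# Run on the constructed samples; on the NAS use: root_login_status < /etc/ssh/sshd_config
config_commented | root_login_status
config_fixed | root_login_status
```

The file is only read when sshd starts, which is why step 7 toggles SSH off and on; step 8 remains the real test.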