SSH brute force and hacking attempts

Saw a few SSH attacks in AiProtection today. First after using the directions in the screenshot.

Could be a coincidence, or maybe the bots found out which external port number I have open.

Moving the port, as you've noticed - it does reduce, but not eliminate the chatter on the port...

Bots are much like the cosmic background radiation of the internet
 
Give it a week or so and check again. (Also, don't use obvious ports like 50000, 22222, 22022, etc.)

If you're still exposing WireGuard and VNC on their standard ports you should change their external ports as well.

Basically, if you expose any standard ports or their common variations to the internet the bots will know there's something at that IP address and start scanning it more aggressively. For this reason you should also disable "Respond ICMP Echo (ping) Request from WAN" in the router's firewall.
 
I hadn't changed the WireGuard port, so this makes sense. Let me change that and see how it goes.
 
WG uses UDP, and one has flexibility on assigning the ports in any case... most scanner bots won't waste time with UDP services as there is no handshake, so they have to scan and wait - for a long time perhaps per host.

VNC, by default, uses TCP/5900 (+n), so with VNC exposed - a bot scanning ports just has to send a TCP SYN packet and look for an ACK - if an ACK is received, then it can do the handshake and look for services...

RealVNC has their value added service - VNC Connect which can do hole-punching (it also works nicely with CGNAT) - don't have to open the port with them - hint here is that Raspberry Pi folks have a 5-host license for free... and the server side doesn't need to be a Pi...

TeamViewer can also do the NAT traversal - if that is an option outside of VNC
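
The TCP versus UDP point in the post above can be seen on your own machine. The following is an added example, not code from any poster in this thread: it opens two constructed loopback listeners and shows that a TCP port answers as soon as the handshake completes, while a UDP port that stays silent cannot be told apart from a filtered one until the full timeout has elapsed. The function names, the 0.5 s timeout and the silent UDP listener are assumptions made for the illustration.

```python
import socket
import time

def tcp_probe(host, port, timeout=1.0):
    """connect() runs the full handshake, so the answer is immediate and definite."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"            # listener completed the handshake
    except ConnectionRefusedError:
        state = "closed"              # RST came back
    except OSError:
        state = "no-answer"           # timed out or filtered
    return state, time.monotonic() - start

def udp_probe(host, port, timeout=1.0):
    """UDP has no handshake: silence means waiting out the whole timeout."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(b"\x00")           # constructed one-byte datagram
            s.recv(64)
            state = "replied"
        except ConnectionRefusedError:
            state = "closed"          # ICMP port unreachable was returned
        except socket.timeout:
            state = "no-answer"       # open-but-silent and filtered look the same
    return state, time.monotonic() - start

def demo(timeout=0.5):
    """Probe two constructed loopback listeners: one TCP, one silent UDP."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tcp.bind(("127.0.0.1", 0))    # port 0: the OS picks a free port
        tcp.listen(1)
        udp.bind(("127.0.0.1", 0))    # bound but never replies (assumption:
                                      # stands in for a service that ignores
                                      # datagrams it does not recognise)
        return (tcp_probe("127.0.0.1", tcp.getsockname()[1], timeout),
                udp_probe("127.0.0.1", udp.getsockname()[1], timeout))
    finally:
        tcp.close()
        udp.close()

if __name__ == "__main__":
    print(demo())
```

Pointed at your own WAN address from outside the network, the same two functions give a quick check of which forwarded ports answer on TCP after a port change.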