
Brute Forcing SSH From China 222.186.34.122


Nathan Hale

May 17, 2016, 6:14:21 PM

Latest attempt from China to brute force holland ssh (numerous previous
attempts)

May 17 08:52:25 f53c6d03c0 sshd[20105]: PAM 4 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:52:25 f53c6d03c0 sshd[20105]: PAM service(sshd) ignoring max retries; 5 > 3
May 17 08:52:42 f53c6d03c0 sshd[20182]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:52:44 f53c6d03c0 sshd[20182]: Failed password for root from
222.186.34.122 port 4421 ssh2
May 17 08:52:53 f53c6d03c0 sshd[20182]: Failed password for root from
222.186.34.122 port 4421 ssh2
May 17 08:52:55 f53c6d03c0 sshd[20182]: Failed password for root from
222.186.34.122 port 4421 ssh2
May 17 08:52:59 f53c6d03c0 sshd[20182]: Failed password for root from
222.186.34.122 port 4421 ssh2
May 17 08:53:06 f53c6d03c0 sshd[20182]: Failed password for root from
222.186.34.122 port 4421 ssh2
May 17 08:53:10 f53c6d03c0 sshd[20182]: fatal: Read from socket failed:
Connection reset by peer [preauth]
May 17 08:53:10 f53c6d03c0 sshd[20182]: PAM 4 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:53:10 f53c6d03c0 sshd[20182]: PAM service(sshd) ignoring max retries; 5 > 3
May 17 08:53:24 f53c6d03c0 sshd[20200]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:53:26 f53c6d03c0 sshd[20200]: Failed password for root from
222.186.34.122 port 3822 ssh2
May 17 08:53:29 f53c6d03c0 sshd[20200]: Failed password for root from
222.186.34.122 port 3822 ssh2
May 17 08:53:31 f53c6d03c0 sshd[20200]: Failed password for root from
222.186.34.122 port 3822 ssh2
May 17 08:53:33 f53c6d03c0 sshd[20200]: Failed password for root from
222.186.34.122 port 3822 ssh2
May 17 08:53:35 f53c6d03c0 sshd[20200]: Failed password for root from
222.186.34.122 port 3822 ssh2
May 17 08:53:36 f53c6d03c0 sshd[20200]: fatal: Read from socket failed:
Connection reset by peer [preauth]
May 17 08:53:36 f53c6d03c0 sshd[20200]: PAM 4 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:53:36 f53c6d03c0 sshd[20200]: PAM service(sshd) ignoring max retries; 5 > 3
May 17 08:53:59 f53c6d03c0 sshd[20208]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:54:01 f53c6d03c0 sshd[20208]: Failed password for root from
222.186.34.122 port 3234 ssh2
May 17 08:54:06 f53c6d03c0 sshd[20208]: Failed password for root from
222.186.34.122 port 3234 ssh2
May 17 08:54:08 f53c6d03c0 sshd[20208]: Failed password for root from
222.186.34.122 port 3234 ssh2
May 17 08:54:10 f53c6d03c0 sshd[20208]: Failed password for root from
222.186.34.122 port 3234 ssh2
May 17 08:54:12 f53c6d03c0 sshd[20208]: Failed password for root from
222.186.34.122 port 3234 ssh2
May 17 08:54:13 f53c6d03c0 sshd[20208]: fatal: Read from socket failed:
Connection reset by peer [preauth]
May 17 08:54:13 f53c6d03c0 sshd[20208]: PAM 4 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:54:13 f53c6d03c0 sshd[20208]: PAM service(sshd) ignoring max retries; 5 > 3
May 17 08:54:36 f53c6d03c0 sshd[20211]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:54:38 f53c6d03c0 sshd[20211]: Failed password for root from
222.186.34.122 port 4656 ssh2
May 17 08:54:41 f53c6d03c0 sshd[20211]: Failed password for root from
222.186.34.122 port 4656 ssh2
May 17 08:54:43 f53c6d03c0 sshd[20211]: Failed password for root from
222.186.34.122 port 4656 ssh2
May 17 08:54:45 f53c6d03c0 sshd[20211]: Failed password for root from
222.186.34.122 port 4656 ssh2
May 17 08:54:48 f53c6d03c0 sshd[20211]: Failed password for root from
222.186.34.122 port 4656 ssh2
May 17 08:54:48 f53c6d03c0 sshd[20211]: fatal: Read from socket failed:
Connection reset by peer [preauth]
May 17 08:54:48 f53c6d03c0 sshd[20211]: PAM 4 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:54:48 f53c6d03c0 sshd[20211]: PAM service(sshd) ignoring max retries; 5 > 3
May 17 08:54:50 f53c6d03c0 sshd[20213]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:54:52 f53c6d03c0 sshd[20213]: Failed password for root from
222.186.34.122 port 2401 ssh2
May 17 08:54:54 f53c6d03c0 sshd[20213]: Failed password for root from
222.186.34.122 port 2401 ssh2
May 17 08:54:56 f53c6d03c0 sshd[20213]: Failed password for root from
222.186.34.122 port 2401 ssh2
May 17 08:54:59 f53c6d03c0 sshd[20213]: Failed password for root from
222.186.34.122 port 2401 ssh2
May 17 08:55:01 f53c6d03c0 sshd[20213]: Failed password for root from
222.186.34.122 port 2401 ssh2
May 17 08:55:02 f53c6d03c0 sshd[20213]: fatal: Read from socket failed:
Connection reset by peer [preauth]
May 17 08:55:02 f53c6d03c0 sshd[20213]: PAM 4 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:55:02 f53c6d03c0 sshd[20213]: PAM service(sshd) ignoring max retries; 5 > 3
May 17 08:55:47 f53c6d03c0 sshd[20261]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
May 17 08:55:49 f53c6d03c0 sshd[20261]: Failed password for root from
222.186.34.122 port 4830 ssh2
May 17 08:55:52 f53c6d03c0 sshd[20261]: Failed password for root from
222.186.34.122 port 4830 ssh2
May 17 08:55:54 f53c6d03c0 sshd[20261]: Failed password for root from
222.186.34.122 port 4830 ssh2
May 17 08:55:56 f53c6d03c0 sshd[20261]: Failed password for root from
222.186.34.122 port 4830 ssh2
May 17 08:55:59 f53c6d03c0 sshd[20261]: Failed password for root from
222.186.34.122 port 4830 ssh2
May 17 08:55:59 f53c6d03c0 sshd[20261]: fatal: Read from socket failed:
Connection reset by peer [preauth]


Anonymous

May 17, 2016, 6:53:53 PM
If you insist on running sshd listening on port 22 on a machine that faces the public internet, you need to get used to this. Everyone who
does that sees that.

It's pointless reporting it here.

Jeremy Bentham

May 17, 2016, 8:03:58 PM
Lookup any China CIDR here https://www.countryipblocks.net/bogons.php
and drop it.

iptables -A INPUT -p tcp -s 222.184.0.0/13 -j DROP

Nomen Nescio

May 17, 2016, 8:43:02 PM
In article <369b1a710b16bec7...@remailer.org.uk>
Nathan Hale <nob...@remailer.org.uk> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Latest attempt from China to brute force holland ssh (numerous previous
> attempts)
>
> May 17 08:52:25 f53c6d03c0 sshd[20105]: PAM 4 more authentication failures;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
> May 17 08:52:25 f53c6d03c0 sshd[20105]: PAM service(sshd) ignoring max retries; 5 > 3
> May 17 08:52:42 f53c6d03c0 sshd[20182]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
> May 17 08:52:44 f53c6d03c0 sshd[20182]: Failed password for root from
> 222.186.34.122 port 4421 ssh2

Nuke it in your iptables.

That is historically an abusive IP address in regards to SSH
hacking.

http://bannedhackersips.blogspot.com/2014/06/fail2ban-ssh-banned-22218634122.html

https://exchange.xforce.ibmcloud.com/ip/222.186.34.122

http://bruteforcers.net/1481

https://www.blocklist.de/en/view.html?ip=222.186.34.122&page=1

http://www.fail2ban.org/wiki/index.php/Main_Page

http://www.fail2ban.org/wiki/index.php/FAQ_english

Jack Ryan

May 18, 2016, 1:20:22 AM
In article <6dacd7e06926aeeb...@anemone.mooo.com>
iptables -A INPUT -n leftwings -D hillaryclinton.com -j
DROPKICKONHEAD

Zax

May 18, 2016, 4:26:29 AM

On Tue, 17 May 2016 23:14:20 +0100 (BST), Nathan Hale wrote in
Message-Id: <369b1a710b16bec7...@remailer.org.uk>:

> Latest attempt from China to brute force holland ssh (numerous previous
> attempts)
>
> May 17 08:52:25 f53c6d03c0 sshd[20105]: PAM 4 more authentication failures;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root

You have SSH root login enabled. That's a loophole easily
closed. If you want, you could generate some keys and completely
disable password login. Mr China Hacker then becomes impotent, without
having to block an entire country from using your remailer.

Feel free to drop me an email and I'll walk you through it.


--
pub 1024D/228761E7 2003-06-04 Steven Crook <st...@mixmin.net>
Key fingerprint = 1CD9 95E1 E9CE 80D6 C885 B7EB B471 80D5 2287 61E7
sub 4096R/BE3EFAA7 created: 2014-11-14 expires: 2016-11-13 usage: S

Desk Rabbit

May 18, 2016, 7:34:00 AM
That's doing it the hard way. I use fail2ban

Jack Ryan

May 18, 2016, 10:10:41 AM
> If you insist on running sshd listening on port 22 on a machine that faces the public internet, you need get used to this. Everyone who
> does that sees that.
>
> It's pointless reporting it here.

Correct. Change your sshd to another port and that will clean up a huge percent of the break-in attempts.

Jack Ryan

May 18, 2016, 5:10:57 PM
In article <cf6cf550f17651f7...@remailer.cpunk.us>
lol...that's too simple.

Anonymous

May 18, 2016, 6:36:52 PM
In article <slrnnjo9pl...@fleegle.mixmin.net>
Zax <ad...@mixmin.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Tue, 17 May 2016 23:14:20 +0100 (BST), Nathan Hale wrote in
> Message-Id: <369b1a710b16bec7...@remailer.org.uk>:
>
> > Latest attempt from China to brute force holland ssh (numerous previous
> > attempts)
> >
> > May 17 08:52:25 f53c6d03c0 sshd[20105]: PAM 4 more authentication failures;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.34.122 user=root
>
> You have SSH root login enabled. That's a loophole easily
> closed. If you want, you could generate some keys and completely
> disable password login. Mr China Hacker then becomes impotent, without
> having to block an entire country from using your remailer.
>
> Feel free to drop me an email and I'll walk you through it.

What happens if he is out riding his bike, gets hit by a car,
stays in a coma for 366 days and his key expires?

Zax

May 18, 2016, 7:04:05 PM
On Thu, 19 May 2016 00:36:50 +0200, Anonymous wrote in
Message-Id: <66a162d5d4bf06c4...@hoi-polloi.org>:

> What happens if he is out riding his bike, gets hit by a car,
> stays in a coma for 366 days and his key expires?

ssh keys don't have expiry dates.

Ant

May 18, 2016, 7:27:36 PM
DenyHosts for me.
--
Quote of the Week: "I never kill insects. If I see ants or spiders in
the room, I pick them up and take them outside. Karma is everything."
--Holly Valance
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / Please nuke ANT if replying by e-mail privately. If credit-
( ) ing, then please kindly use Ant nickname and AQFL URL/link.

Ant

May 18, 2016, 7:29:09 PM
Yeah. Or use a brute force attack blocker like fail2ban, DenyHosts, etc.
I have to use standard port 22 because my workplaces only have standard
ports open like 21, 22, 80, 563, etc. for security reasons. :(
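
The detection step that blockers such as fail2ban perform can be sketched as a sliding-window count of failed logins per source address, run over sshd log lines in the format quoted at the top of this thread. This is an added example, not part of any post here and not code from fail2ban or DenyHosts; the function names, the `max_retry`/`find_time` thresholds, the assumed year and the sample log (documentation addresses, constructed) are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format of the log quoted in this thread,
# including the news-client line wrapping. Addresses are RFC 5737
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
May 17 08:52:44 host sshd[20182]: Failed password for root from
203.0.113.7 port 4421 ssh2
May 17 08:52:53 host sshd[20182]: Failed password for root from
203.0.113.7 port 4421 ssh2
May 17 08:53:10 host sshd[20182]: fatal: Read from socket failed:
Connection reset by peer [preauth]
May 17 08:53:26 host sshd[20200]: Failed password for root from 203.0.113.7 port 3822 ssh2
May 17 08:54:01 host sshd[20300]: Failed password for invalid user admin from 198.51.100.9 port 5050 ssh2
May 17 08:59:30 host sshd[20400]: Failed password for root from 198.51.100.9 port 5051 ssh2
May 17 09:10:00 host sshd[20500]: Accepted publickey for alice from 192.0.2.10 port 6000 ssh2
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def unwrap(text):
    """Re-join records that a mail/news client wrapped: a line that does
    not start with a syslog timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def find_offenders(text, max_retry=3, find_time=90, year=2016):
    """Return {ip: time of the failure that made max_retry failures fall
    within find_time seconds}. Syslog lines carry no year, so one is
    assumed; records are expected in chronological order."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    offenders = {}
    for rec in unwrap(text):
        m = FAILED.search(rec)
        if not m:
            continue                 # PAM summaries, resets, accepted logins
        when = datetime.strptime(f"{year} {rec[:15]}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_retry and ip not in offenders:
            offenders[ip] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when:%H:%M:%S}")
```

The returned addresses are candidates for a firewall rule or a deny list; the second address in the sample is not flagged because its two failures are more than 90 seconds apart.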

William Unruh

May 18, 2016, 10:51:45 PM
On 2016-05-18, Ant <ANT...@zimage.com> wrote:
> In alt.privacy.anon-server Desk Rabbit <m...@example.com> wrote:
>> On 18/05/2016 06:20, Jack Ryan wrote:
>> > In article <6dacd7e06926aeeb...@anemone.mooo.com>
>> > Jeremy Bentham <nob...@anemone.mooo.com> wrote:
>> >>
>> >> Lookup any China CIDR here https://www.countryipblocks.net/bogons.php
>> >> and drop it.
>> >>
>> >> iptables -A INPUT -p tcp -s 222.184.0.0/13 -j DROP
>> >
>> > iptables -A INPUT -n leftwings -D hillaryclinton.com -j
>> > DROPKICKONHEAD
>> >
>
>> That's doing it the hard way. I use fail2ban
>
> DenyHosts for me.
The problem is that openssh has dropped all support for hosts.allow.
Thus procedures which use it to deny ssh attempts no longer work with
the latest ssh. The only way is firewalls.
(well, one can use
Match Address
...
DenyUsers *
MaxAuthTries 0

in /etc/ssh/sshd_config)


Nomen Nescio

May 18, 2016, 11:57:02 PM
In article <nhj9h7$71i$1...@dont-email.me>
Wasn't TCP Wrapper support reintroduced to OpenSSH 7.2p2 via a recent
patch?

William Unruh

May 19, 2016, 11:55:40 AM
Maybe on some distribution. Certainly the person in charge of OpenSSH
was pretty definite (in fact aggressive and insulting) about eliminating
tcpwrapper support when I objected to its elimination.
I.e., is that patch an official patch or is it a distribution patch?

Cornelis Tromp

May 19, 2016, 1:33:19 PM
In article <nhknf3$u2f$2...@dont-email.me>
Come on now Bill.....you can't google?

Alex de Joode

May 22, 2016, 2:05:30 PM
Jack Ryan <mixm...@remailer.cpunk.us> wrote:
:> If you insist on running sshd listening on port 22 on a machine that faces the public internet, you need get used to this. Everyone who
:> does that sees that.
:>
:> It's pointless reporting it here.
:
: Correct. Change your sshd to another port and that will clean up a huge percent of the breakin attempts.
:

As you run on linux and have iptables enabled (I hope) just add the below:
(change seconds and hits to your liking)

/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update \
--seconds 90 --hitcount 3 -j LOGDROP

Cheers,
Alex

--
bitcoins:1QAthQz4LKHWZURTVax5F75mj6d5uY8shW

Anonymous

May 22, 2016, 3:39:17 PM
Actually been thinking about doing the very thing lately, but too busy being lazy to dig it out on the web.

Don't care about logging it so:

/sbin/iptables -N JUNK-YARD-BULLDOG
/sbin/iptables -A JUNK-YARD-BULLDOG -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update \
--seconds 90 --hitcount 3 -j JUNK-YARD-BULLDOG

Happy Oyster

May 29, 2016, 8:20:20 AM
Sorry, I don't understand. What is this good for?
--
Homeopathy is nothing but a shell-game swindle and organized crime
http://ariplex.com/folia/archives/565.htm http://ariplex.com/folia/archives/570.htm
http://ariplex.com/folia/archives/585.htm http://ariplex.com/folia/archives/643.htm
http://ariplex.com/folia/archives/647.htm

Nathan Hale

May 30, 2016, 2:51:45 AM
In article <cjnlkb5utvtsf2rjv...@4ax.com>
Happy Oyster <-*-*.@.*-*-> wrote:
>
> On Wed, 18 May 2016 01:20:21 -0400 (EDT), Jack Ryan
> <mixm...@remailer.cpunk.us> wrote:
>
> >In article <6dacd7e06926aeeb...@anemone.mooo.com>
> >Jeremy Bentham <nob...@anemone.mooo.com> wrote:
> >>
> >> Lookup any China CIDR here https://www.countryipblocks.net/bogons.php
> >> and drop it.
> >>
> >> iptables -A INPUT -p tcp -s 222.184.0.0/13 -j DROP
> >
> >iptables -A INPUT -n leftwings -D hillaryclinton.com -j
> >DROPKICKONHEAD
>
>
> Sorry, I don't understand. What is this good for?

Someone's idea of a joke. Hillary Clinton is apparently an
American criminal.

Peter Köhlmann

May 30, 2016, 4:35:50 AM
wrote:

> On Wed, 18 May 2016 01:20:21 -0400 (EDT), Jack Ryan
> <mixm...@remailer.cpunk.us> wrote:
>
>>In article <6dacd7e06926aeeb...@anemone.mooo.com>
>>Jeremy Bentham <nob...@anemone.mooo.com> wrote:
>>>
>>> Lookup any China CIDR here https://www.countryipblocks.net/bogons.php
>>> and drop it.
>>>
>>> iptables -A INPUT -p tcp -s 222.184.0.0/13 -j DROP
>>
>>iptables -A INPUT -n leftwings -D hillaryclinton.com -j
>>DROPKICKONHEAD
>
>
> Sorry, I don't understand. What is this good for?

It shall make the impression that the dizum coward has any useable
knowledge. He doesn't. He is as dumb as a brick

Peter Köhlmann

May 30, 2016, 4:36:12 AM
Yes. For the american nazis

Anonymous

May 30, 2016, 11:01:12 AM
Glad this weird beard puts his picture up. It lets me know to immediately reject and ignore anything he tries to puke here on alt.privacy.anon-server.

GreyCloud

May 30, 2016, 2:21:19 PM
Not too far from the truth either.
Google Operation Paper Clip.

Snit

May 30, 2016, 3:41:42 PM
On 5/30/16, 11:21 AM, in article nii0au$185$1...@dont-email.me, "GreyCloud"
There are a lot of scandals involving the Clintons... many likely not true.
But they bring it on themselves by having so many which ARE demonstrably
true. Does not mean it is OK for others to make up new ones, but when they
are so demonstrably immoral based on their own actions - things people can
easily point to - it is easier to believe the ones which are not true, too.


--
* OS X / Linux: What is a file? <http://youtu.be/_dMbXGLW9PI>
* Mint MATE Trash, Panel, Menu: <http://youtu.be/C0y74FIf7uE>
* Mint KDE working with folders: <http://youtu.be/7C9nvniOoE0>
* Mint KDE creating files: <http://youtu.be/N7-fZJaJUv8>
* Mint KDE help: <http://youtu.be/3ikizUd3sa8>
* Mint KDE general navigation: <http://youtu.be/t9y14yZtQuI>
* Mint KDE bugs or Easter eggs? <http://youtu.be/CU-whJQvtfA>
* Easy on OS X / Hard on Linux: <http://youtu.be/D3BPWANQoIk>
* OS / Word Processor Comparison: <http://youtu.be/w6Qcl-w7s5c>

Anonymous

May 30, 2016, 5:15:34 PM
In article
<eb0b025cfaf5936e...@foto.nl1.torservers.net>
iptables -A INPUT -n neck-bearded-geek -D Peter -j HOPELESS-IN-
DENIAL

Anonymous

May 30, 2016, 5:35:39 PM
In article <nigu15$8au$2...@dont-email.me>
Peter Köhlmann <peter-k...@t-online.de>
wrote:
Obviously he's not using linux, so he's smarter than you.

Peter Köhlmann

May 30, 2016, 5:57:52 PM
Obviously you are way too stupid to see that it is plainly obvious that you
posted as "Jack Ryan" and now speak of that dimbulb as a third person.

Fitting. Abject stupidity is a hallmark you dizum coward.
And that naturally means that you are unable to use anything which wasn't
explained to you from kindergarten on

Happy Oyster

May 30, 2016, 9:17:56 PM
Sure. But I wanted to know what the iptables stuff does. How can it be
used? What for?

William Unruh

May 30, 2016, 9:35:10 PM
On 2016-05-31, Happy Oyster <-*-*> wrote:
> On Mon, 30 May 2016 07:51:44 +0100 (BST), Nathan Hale
><nob...@remailer.org.uk> wrote:
>
>>In article <cjnlkb5utvtsf2rjv...@4ax.com>
>>Happy Oyster <-*-*.@.*-*-> wrote:
>>>
>>> On Wed, 18 May 2016 01:20:21 -0400 (EDT), Jack Ryan
>>> <mixm...@remailer.cpunk.us> wrote:
>>>
>>> >In article <6dacd7e06926aeeb...@anemone.mooo.com>
>>> >Jeremy Bentham <nob...@anemone.mooo.com> wrote:
>>> >>
>>> >> Lookup any China CIDR here https://www.countryipblocks.net/bogons.php
>>> >> and drop it.
>>> >>
>>> >> iptables -A INPUT -p tcp -s 222.184.0.0/13 -j DROP
>>> >
>>> >iptables -A INPUT -n leftwings -D hillaryclinton.com -j
>>> >DROPKICKONHEAD
>>>
>>>
>>> Sorry, I don't understand. What is this good for?
>>
>>Someone's idea of a joke. Hillary Clinton is apparently an
>>American criminal.
>
> Sure. But I wanted to know what the iptables stuff does. How can it be
> used? What for?

iptables is the Linux firewall software. It can be used to drop packets
of a certain type (eg ssh) from certain addresses.
shorewall is another firewall software suite.

Thus one can tell your computer that if ever a packet comes in from any
of the addresses 222.184.0.0/13 (i.e., any address from 222.184.0.0 to
222.191.255.255) via tcp on any port number to simply
drop the packet and not to hand it on to any software that might be
waiting for packets on the port number. Usually one will be more
selective and just drop packets for specific port numbers.
The "hillary clinton" stuff is a joke, and does nothing-- it is
completely impotent.

Nathan Hale

May 31, 2016, 3:29:59 AM

Happy Oyster

Jun 1, 2016, 2:15:37 PM
Thanks!


>The "hillary clinton" stuff is a joke, and does nothing-- it is
>completely impotent.


Cornelis Tromp

Jun 2, 2016, 9:43:17 AM

> If you insist on running sshd listening on port 22 on a machine that faces the public internet, you need get used to this. Everyone who
> does that sees that.
>
> It's pointless reporting it here.

You were completely right of course. I moved "brabus" and "holland" away from
port 22 sshd. The problems then evaporated. I guess that the move will eliminate
the bots etc, but not a determined hacker..


Anonymous

Jun 2, 2016, 10:06:25 AM
On Thu, 2 Jun 2016 14:43:15 +0100 (BST), Cornelis Tromp <nob...@holland.remailer.nl> wrote:

>You were completely right of course. I moved "brabus" and "holland" away from
>port 22 sshd.
>The problems then evaporated. I guess that the move will eliminate the bots
>etc, but not
>a determined hacker..

You may see the occasional attempt when someone stumbles into the new port. I get a few connections per year on a different port
compared to a few per hour when it was on port 22.

I get a few emails per year from DenyHosts when someone is added to the hosts.deny file.


Nathan Hale

Jun 3, 2016, 11:34:26 AM

> You may see the occasional attempt when someone stumbles into the new port. I get a few connections per year on a different port
> compared to a few per hour when it was on port 22.
>
> I get a few emails per year from DenyHosts when someone is added to the hosts.deny file.

Yes, same happened when I moved my server to a non standard SSH port. I hear
many comments that security via obscurity does not work. Yes, it's
true that a non standard SSH port does not solve or improve SSH security issues.
However, it does leave the bots and script kiddies behind. Any intrusion
attempt on the non standard port is likely to be a more serious affair.
This can be dealt with via iptables, fail2ban, denyhosts, and PK SSH
logins, etc.

The incontestable issue is the ENORMOUS reduction of scans and brute force
attacks associated with port 22, and the time involved in updating iptables.



Anonymous

Jun 3, 2016, 11:49:14 AM
On Fri, 3 Jun 2016 16:34:24 +0100 (BST), Nathan Hale <nob...@remailer.org.uk> wrote:

>I hear many comments about that security via obscurity does not work.

For me it never was about enhancing security. It was about eliminating log file flooding to the greatest extent possible while still
running the sshd service.