SSH Massive amount of BRUTE FORCE ATTACKS

ALLIT
First post
Posts: 1
Joined: Fri May 15, 2020 7:57 pm

SSH Massive amount of BRUTE FORCE ATTACKS

Post by ALLIT » Mon May 18, 2020 10:52 pm

SSH Message: [Security] Added IP address "222.186.190.14" to IP block list
IP address "222.186.15.115"
IP address "37.49.226.212"
IP address "37.49.226.212"
IP address "45.95.168.133"
IP address "116.105.195.243"
IP address "112.85.42.189"
IP address "112.85.42.189"

PLEASE ADVISE

dolbyman
Guru
Posts: 19747
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: SSH Massive amount of BRUTE FORCE ATTACKS

Post by dolbyman » Mon May 18, 2020 11:23 pm

get your nas out of the open web.. only advice that can be given here

jaysona
Easy as a breeze
Posts: 279
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: SSH Massive amount of BRUTE FORCE ATTACKS

Post by jaysona » Tue May 19, 2020 6:51 am

ALLIT wrote:
Mon May 18, 2020 10:52 pm
SSH Message: [Security] Added IP address "222.186.190.14" to IP block list
IP address "222.186.15.115"
IP address "37.49.226.212"
IP address "37.49.226.212"
IP address "45.95.168.133"
IP address "116.105.195.243"
IP address "112.85.42.189"
IP address "112.85.42.189"

PLEASE ADVISE
What kind of advice are you seeking?

It seems like you are doing one thing correctly, which is blocking the IP address after several failed login attempts.

If you want the attacks to stop, you essentially have four options.

1. Disable direct SSH access to the NAS, and the attacks will stop as the scanning bots determine that tcp 22 is not available for your IP address.
2. Use a router that supports OpenWRT, DD-WRT, FreshTomato or MerlinWRT and use iptables to drop multiple tcp 22 requests within a period of a few seconds.
3. If you really require direct ssh access to the NAS, then consider using a router that supports port knocking and enable port knocking for ssh.
4. Set up an internal VPN server (such as OpenVPN) and access the NAS over the VPN.

If you do not know what #2, #3 & #4 mean or how to accomplish those, then you probably should not be exposing ssh directly to the Internet either. ;)
H/W: TS-219 Pro / TS-269 Pro / TS-253 Pro (8Gig)
H/W: TS-509 Pro x2 / TS-569 Pro / TS-670 Pro (i7-3770S 16Gig) x2 / TS-853 Pro (8Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 384.18
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2020.3
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
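
Option 2 in the reply above (dropping repeated tcp 22 requests with iptables on the router) can be done with the `recent` match. The following is an added example, not code from any poster in this thread. The interface name, NAS address, 60-second window, limit of 4, the `SSH_LIMIT` chain name and the use of the FORWARD chain (router forwarding port 22 to the NAS) are all assumptions.

```shell
#!/bin/sh
# Added example: rate-limit NEW inbound SSH connections per source address.
# All names and thresholds below are assumptions, not values from the thread.
IPT="${IPT:-iptables}"   # point IPT at a stub function to print rules instead

# usage: ssh_ratelimit WAN_IF NAS_IP WINDOW_SECONDS MAX_NEW
ssh_ratelimit() {
    wan_if=$1 nas_ip=$2 window=$3 hits=$4

    # Refuse empty, non-numeric or zero thresholds instead of loading a bad rule.
    for n in "$window" "$hits"; do
        case $n in ''|*[!0-9]*|0) return 2 ;; esac
    done

    # Only the first packet of each connection (state NEW) is counted, so an
    # established session is never affected by the limit.
    match="-i $wan_if -p tcp -d $nas_ip --dport 22 -m state --state NEW"

    # Create the chain, or flush it if it already exists, so reruns are clean.
    $IPT -N SSH_LIMIT 2>/dev/null || $IPT -F SSH_LIMIT

    # Record the source address and timestamp of this new connection.
    $IPT -A SSH_LIMIT -m recent --name ssh_new --set
    # Drop once this source has $hits new connections inside $window seconds.
    # Because --set runs first, the current attempt counts: with 4, the fourth
    # attempt is dropped. Each further attempt is recorded too, so a source
    # stays blocked until it has been quiet for the whole window.
    $IPT -A SSH_LIMIT -m recent --name ssh_new --update \
        --seconds "$window" --hitcount "$hits" -j DROP
    # Everything else goes back to the normal forwarding rules.
    $IPT -A SSH_LIMIT -j RETURN

    # Remove an old jump if present, then hook the chain in at the top.
    $IPT -D FORWARD $match -j SSH_LIMIT 2>/dev/null || true
    $IPT -I FORWARD 1 $match -j SSH_LIMIT
}

# Apply only when asked to: APPLY=1 WAN_IF=... NAS_IP=... sh this-script
if [ "${APPLY:-0}" = 1 ]; then
    ssh_ratelimit "${WAN_IF:-eth0}" "${NAS_IP:-192.168.1.10}" 60 4
fi
```

This complements the NAS block list rather than replacing it: the router drops bursts before they reach sshd, while the NAS still bans sources that fail logins slowly.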
