Ssh Bombardment

Whitehill

A couple of weeks ago, as an experiment, I opened port 22 on my router and turned on remote login on my iMac. It worked great. From an external system, I could ssh to my Mac. Just what I hoped for. So I left things like that.

A couple days later, my Mac was really unresponsive. Looking at the console, I found zillions of messages from sshd (remote login server) about failed login attempts. Really, about a dozen per second. So I turned off remote login. The messages helpfully list the IP address of the perp. "whois" tells me it's in China.

About a week ago, I turned it on again and, after a while, the attempts started up again - from the same IP.

If these bozos are wasting so much bandwidth on little ole' me, it makes me wonder what happens to the big boys.

The path through my router is from outer port 22 to inner port 22. I can change the outer port to, say, 22222. Since I'm the only user, I can live with it. Maybe I'll discover if my Chinese friend is pounding all 64K ports.
 
What program did you use to open the SSH server, or did you use the command line Terminal to open the port?

Most hackers use scanning software and scan ISP customers for devices connected to ISP home modems! So unless you want to ssh or VPN to your Mac, then close that port on your router and look at GreenWorldSoft VPN server & Client; it's only $9.00 for the server (that goes on the target Mac) and the Client (which is free). Here it is in action:



IMHO no home user should ever open ports on a home router! Hackers are switching to routers to gain more information for the scam! Most router hacks were done because a user opened a port to ssh into!
 
I used to watch the report from the security panel of my modem. It would drive anyone crazy to see all those attempts to log into my home network. I finally realized that the system I had in place was working and I shouldn’t worry.
 
I have been away for a few days. Before I left, I closed all potentially offending ports. Jeez, I didn't mean to upset anyone.

Starting about 15 years ago, I used SSH to access my home system while on the road. It was a Sun workstation behind a Cisco router on a Verizon T1 line. My personal Apple equipment was on my private network. The Sun and T1 went away in 2005.

The following 5 years I used several non-static services - satellite first, then DSL. I used Dyn.com to fake a static IP and continued to SSH in with no problems - that I know of.

In 2010 I retired and shortly thereafter, DSL changed to cable. I continued to use Dyn.com, but the remote SSH requirement had almost vanished. That brings us to the present.

I have no current compelling reason to continue with SSH, except about a month ago, on a whim, I bought the Server app, and was messing around. It provides a VPN service, but that also needs some open ports. I turned it on for a while and it works fine.

Satcomer, does the GreenWorldSoft stuff somehow not need open ports?
 
I read some of the GreenWorldSoft stuff. The server config app doesn't add anything new, it configures what comes with every copy of OS X. So it will need at least one open port.
 
Well, the Unix way to solve this is to ban password login in your ssh daemon configuration and establish private key login, so it automatically rejects all script kiddies who try to attack known ssh servers with known passwords. That, and keeping your ssh daemon up to date, but that should be taken care of by Apple.
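
The check below is an added example, not part of the thread: it audits sshd_config text for the change the last reply describes (password login off, key login on). The function names and the sample configs are constructed for illustration, and the defaults are assumed to be upstream OpenSSH's.

```python
import re

# Upstream OpenSSH values for an unset keyword (assumption: build keeps them).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_auth_settings(config_text):
    """Return the global value of each auth keyword in sshd_config text."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional blocks follow; only global settings are audited
        keyword = ALIASES.get(keyword, keyword)
        # sshd keeps the first value it reads for a keyword; later ones are ignored.
        if keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = value
    return {**DEFAULTS, **seen}


def password_guessing_exposed(config_text):
    """List findings that leave the daemon open to password guessing."""
    s = effective_auth_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no'")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off, so no key login remains")
    return findings


# Constructed samples, not taken from any real host.
WEAK = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
TRAP = "PasswordAuthentication yes\nPasswordAuthentication no\nChallengeResponseAuthentication no\n"
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication = no\nPubkeyAuthentication yes\n"
```

On a live host, `sshd -T` prints the effective configuration, including files pulled in by `Include`, which this parser does not follow.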
 