NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

milks's avatar
milks
Tutor
Jan 19, 2015

Disable SSH with a cron job

Hi someone is attempting to brute force SSH access on my ReadyNas Ultra2 from multiple IPs. This can be in the form of several hundred login attempts within a second at a particular time of day. ...
General
ReadyNAS Add-ons for Legacy ReadyNAS
StephenB's avatar
StephenB
Guru - Experienced User
Jan 20, 2015
dsm1212 wrote:
This is not uncommon. If you forward the port from your router sooner or later you'll start being attacked. Most of my hits were from chinese locations :-). On OS4 denyhosts and changing the port is probably the best you can do.

If you are running os6, the system has iptables so you can install knockd. Basically with this you set iptables to block all port 22 traffic and then remotely you can send a sequence of packets to knockd that will tell it to configure iptables to let your one remote ip address into port 22. The reverse knock sequence will remove the access for that remote ip address.

steve
I'd try just changing to a non-standard port first, and see if that resolves the problem without the other steps. And of course keep an eye out for future attacks.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More