Discussion in 'Tomato Firmware' started by Hypernova, Mar 26, 2007.
How right now it's more of an annoyance since it's raising CPU load to 60%.
Seems to me like you have the "SSH Daemon" on the WRT54 set to allow "Remote Access".
Do you really need that? If yes, I suggest using a different port number than the default 22, because most script kiddies use brute force tools that only scan for SSH listening on that port.
If not, simply turn it off (how often do you log in from the outside into Tomato?).
I use it to check up on data usage from school and there's no remote for telnet. Would changing the port to a higher one (60000) help? It's all I use it for since it costs a few cents per MB of traffic at Uni so it would be a bit costly to see things through the web interface.
Just realised I already have a Linksys account and it was in my home comp's cookie all this time.
Yeah, that would help for sure. As long as the script kiddies don't do a full port-scan... but that would take them too long to figure out which one is running what specific protocol / service.
The port number makes no big difference, as long as it's higher than 1024, IMHO. Below 1024 are most of the other known services.
But... to check up on data-usage from school, you definitely don't need SSH. HTTP(S) and "Remote Access" will do!
I run my SSHd on port 443 (since it's open in most firewalls) and I have never had a failed login attempt.
At about 4 US cents per MB it's cheaper through PuTTY. And is this a bug? After changing the port, restarting the services still sets the same port. The new port is used only after a reboot.
You can block the incoming IP range:
iptables -I INPUT -m iprange --src-range 22.214.171.124-126.96.36.199 -j DROP
The better suggestion would be to block all incoming IPs EXCEPT for the ones from your school AS WELL AS changing the SSH port number.
You also might try going to the culprit's ISP (http://whois.domaintools.com/188.8.131.52) and complain, but as it's from Mexico you might not have any luck. Send a copy of the log - who knows, you might get lucky.
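
The allowlist approach suggested at the end of the thread (accept SSH only from known addresses, on a non-default port, and drop everything else), as an added example that is not from any poster. The port 60000 is the one floated in the thread; the source addresses are documentation placeholders standing in for the school's real range, and the chain name SSH_ALLOW is an assumption.

```shell
#!/bin/sh
# Added example: generate an SSH allowlist rule set for review before applying.
# Assumptions: SSH_PORT, ALLOWED and the chain name SSH_ALLOW are illustrative;
# 192.0.2.0/24 and 198.51.100.7 are documentation addresses, not real ones.
SSH_PORT="${SSH_PORT:-60000}"
ALLOWED="${ALLOWED:-192.0.2.0/24 198.51.100.7}"

# Print the iptables commands in the order they must run.
# usage: ssh_allowlist_rules PORT SOURCE [SOURCE...]
ssh_allowlist_rules() {
    port="$1"
    [ "$#" -gt 0 ] && shift

    # The output is meant to be piped to a shell, so reject anything that is
    # not a plain port number or a dotted address with an optional /prefix.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1; }

    # An empty allowlist would leave only the DROP rule and lock the owner out.
    [ "$#" -gt 0 ] || { echo "empty allowlist, refusing" >&2; return 1; }
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9./]*) echo "invalid source: $src" >&2; return 1 ;;
        esac
    done

    # A dedicated chain keeps the policy in one place. The jump is inserted
    # (-I) at the top of INPUT so earlier rules cannot accept the traffic first.
    echo "iptables -N SSH_ALLOW"
    echo "iptables -I INPUT -p tcp --dport $port -j SSH_ALLOW"
    # Rules are evaluated top to bottom: every ACCEPT must precede the DROP.
    for src in "$@"; do
        echo "iptables -A SSH_ALLOW -s $src -j ACCEPT"
    done
    echo "iptables -A SSH_ALLOW -j DROP"
}

# Dry run: print the rules only. To apply them, pipe the output to `sh -e`
# as root on the router.
ssh_allowlist_rules "$SSH_PORT" $ALLOWED
```

Rules added this way live only in the running kernel; they have to be re-applied after a reboot.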