
Tomato RAF 1.1t, I think someone tried to hack into the router

Discussion in 'Tomato Firmware' started by lmartinez7641, Jun 13, 2013.

  1. lmartinez7641

    lmartinez7641 Serious Server Member

    I think someone tried to get into the router from China. Can someone please review the log and tell me if it is true and how to prevent this from happening again?

    Thank you in advance
     
  2. Waester

    Waester Reformed Router Member

    You could use something like AsiaBlock

    Otherwise "Limit Connections Attempts" helps by slowing them down and "Allow Remote IP Address" limits it to IPs you trust. You could also use non-standard ports for SSH: instead of port 22, use something totally random like 58392.

    Hackers tend to try and access the standard protocol ports, as they are most common.

    The settings can be found at "Administration/Admin Access"
     
  3. internetgnm

    internetgnm Serious Server Member

    Hello. Blocking connection attempts is not done on the router but on the PC: you can install PeerBlock and add the lists of what you want to block there.
    This link has many types of lists, also by country: http://www.iblocklist.com/lists.php?category=general

    Hope it helps :)
     
  4. fubdap

    fubdap Addicted to LI Member

    You may need to disable remote access to your router under Admin menu:

    Remote Access.PNG
     
  5. darkknight93

    darkknight93 Networkin' Nut Member

    One possibility is: Change the WAN SSH Port to something like 5322 or any different port than port 22,
    try to use Public/Private-Key Authentication (you can find howtos on the web)
    Enable the max. Login attempts on Admin Access e.g. to 1 per 60sec

    Just my Input.

    Sorry for being brief and for typos, sent from my mobile device
     
  6. jan.n

    jan.n Addicted to LI Member

    Darkknight is right, and limit access via "Allowed addresses"...
    That said, if you log DROPped connection attempts, use this on the logfile to see a list of IPs trying to nag you:
    Code:
    grep DROP /var/log/router.log |awk -F" " '{print$12}'|awk -F"=" '{print$2}'|sort -n|uniq -c|sort -n|tail|awk -F" " '{print FNR," ",$2," ",$1}'
    I include the line numbers (FNR) to better visualize the top 10 (using gnuplot, see attached file).
     

    Attached Files:
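
The one-liner in the post above picks the source address by field position (`$12`), which shifts whenever the syslog prefix changes. As an added example, not part of the thread, this version finds the `SRC=` field wherever it sits and prints the same rank, IP and count columns. It assumes DROP entries use the usual netfilter `KEY=value` layout; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# top_drop_sources [N]: read syslog lines on stdin and print "rank ip count"
# for the N busiest sources of DROP entries, least to most active.
# Assumption: dropped packets are logged with a "DROP" prefix and a SRC= field.
top_drop_sources() {
    limit="${1:-10}"
    awk '
        /DROP/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) {            # locate SRC= at any position
                    count[substr($i, 5)]++     # strip the "SRC=" prefix
                    break
                }
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1n -k2,2 | tail -n "$limit" | awk '{ print FNR, $2, $1 }'
}

# Constructed sample log (documentation address ranges). The prefix length
# varies between lines, so SRC= is not always the same field number.
sample_log() {
    cat <<'EOF'
Jun 13 03:10:01 router kern.warn kernel: DROP IN=vlan2 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=22
Jun 13 03:10:02 router kern.warn kernel: DROP IN=vlan2 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=22
Jun 13 03:10:09 router kernel: [ 8123.551] DROP IN=vlan2 OUT= SRC=198.51.100.23 DST=192.0.2.1 PROTO=TCP DPT=23
Jun 13 03:11:30 router kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.10 DST=198.51.100.80 PROTO=TCP DPT=443
Jun 13 03:12:40 router kernel: DROP IN=vlan2 OUT= SRC=198.51.100.23 DST=192.0.2.1 PROTO=TCP DPT=23
Jun 13 03:12:41 router kern.warn kernel: DROP IN=vlan2 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=22
Jun 13 03:13:05 router kern.warn kernel: DROP IN=vlan2 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.99 DST=192.0.2.1 PROTO=UDP DPT=53
EOF
}

# Run against the sample; on a router, feed it the real log file instead.
sample_log | top_drop_sources 10
```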

  7. lmartinez7641

    lmartinez7641 Serious Server Member

    Thank you for all your input
     
