Port 22 (SSH) Attack Daily!!!!


Aloco44

 
I have a MBP (S.L 10.6.5) that I use for work/home purposes. I'm using Doorstop X/Who's There? and Little Snitch for internet security. For the last couple of days my Who's There app is showing that someone is trying to remotely access my MBP, through port 22.

Here are the details: (RED FLAG) 70.32.68.18 (IP), n18.c05.mtsvc.net (Host Name). WHOIS shows the location somewhere off the coast of Africa.

Access is denied, but the attacks still proceed. Every time I restart my MBP, as soon as it boots the first attack appears. There are only a few attacks (2-4) depending on the time I'm on the internet. The attacks only happen on my home network, not on my office network. I use an Airport Extreme (Latest Model) at home.

Even though access is denied, it's still irritating!! What can I do to stop this attacker and future ones? Information greatly appreciated, thank you.
Raz0rEdge

 
How are you connecting to the Internet? If you are going through a router then the firewall in there should prevent access to your machine, which should be on a local IP address that is inaccessible from the external world.

Routine attacks on standard Internet ports are VERY common and there's no real way of preventing it since the attacker isn't really targeting you but rather a large number of IPs in a particular range to see which one they can get access to.

Regards
Aloco44

 
I'm connecting with a Comcast router/Apple Airport Extreme.
IvanLasston

 
Is the Comcast router doing the routing/firewall or is the Extreme? Do you have port 22 open in your firewall?

Do you need ssh on - on your mac?

As Raz0rEdge has said - it is really a bunch of scripts that are hitting port 22 because it is so common, and so much can be done if you get in on port 22.

If you need ssh open then there are a few things you can do to help decrease the chances of getting hit like installing denyhosts.
Aloco44

 
Extreme is doing the FW; and no, port 22 is not open, don't really need it open. Would changing my IP help, because my IP is different at work; I'm only being attacked at home. So, obviously he/they have that IP (home). Should I change to a static address?
IvanLasston

 
Can you see where the hits are coming from? There really shouldn't be anything passing through your firewall. Are the port 22 hits coming from an internal IP address or is it an internet address? Meaning could someone have hopped onto your wifi - then try to attack your computers? It also could be another machine got hacked and they are using that to search for vulnerable machines inside your network.
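Added example, not part of any post in this thread: for a machine that does run sshd, this tallies rejected logins per source and separates LAN-side sources from internet ones, which is the internal-versus-external question raised in the last reply, and applies the kind of per-source threshold a tool such as denyhosts uses. The log lines, hostname, user names, the threshold of 3 and every address except 70.32.68.18 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Ranges that can only originate on the LAN side of a NAT router
# (RFC 1918 private space, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# OpenSSH's log message for a rejected password (IPv4 sources only here).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Constructed sample log lines; only 70.32.68.18 comes from the thread.
SAMPLE_LOG = """\
Dec  5 18:01:12 mbp sshd[311]: Failed password for root from 70.32.68.18 port 40112 ssh2
Dec  5 18:01:15 mbp sshd[313]: Failed password for invalid user admin from 70.32.68.18 port 40187 ssh2
Dec  5 18:01:19 mbp sshd[315]: Failed password for invalid user test from 70.32.68.18 port 40254 ssh2
Dec  5 18:07:41 mbp sshd[340]: Accepted publickey for alice from 10.0.1.3 port 50211 ssh2
Dec  5 18:20:02 mbp sshd[352]: Failed password for alice from 10.0.1.7 port 50877 ssh2
Dec  5 18:20:09 mbp sshd[354]: Failed password for alice from 10.0.1.7 port 50881 ssh2
Dec  5 19:44:30 mbp sshd[401]: Failed password for root from 198.51.100.23 port 33910 ssh2
"""

def origin(ip):
    """Return 'internal' for LAN-only ranges, 'external' otherwise."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"  # e.g. an octet above 255 in a mangled log line
    return "internal" if any(addr in net for net in LOCAL_NETS) else "external"

def summarize(log_text, threshold=3):
    """Count failed logins per source IP, most active source first."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return [{"ip": ip, "failures": n, "origin": origin(ip),
             "block": n >= threshold}  # threshold of 3 is an assumption
            for ip, n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A source reported as internal is the case worth investigating first, since it means the attempts start behind the router's firewall rather than from the internet.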
