# Who says security isn't important for a home user?!?

## Rukie

Lol, I was just looking through some logs on my, unfortunately, unsecured computer behind a NAT, and I noticed a couple interesting things... and provocative things!  :Surprised: 

Anyways, for those of you who think that they are secure in a NAT (albeit, I do have port 22 forwarded to this machine so that I may do a SOCKS proxy through a tunnel (great bypass method)), just look at this, my log.

This is everything related to ssh through syslog-ng.

 *Quote:*   

> 
> 
> Jul 16 18:15:02 localhost sshd[12417]: Server listening on :: port 22.
> 
> Jul 16 18:15:02 localhost sshd[12417]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
> ...

 

----------

## danomac

This is why I use my firewall to map a different port than 22. I have it forward a really high port to port 22 on my LAN.

----------

## bunder

you might be interested in fail2ban.

----------

## Vlad

Meh, there's all sorts of ways to secure SSH and this sort of brute force attack isn't exactly uncommon.

Limiting the IP addresses that can connect to the port SSH is listening on, using a port other than 22, allowing only specific users/groups to log in (via sshd_config), and using a script that auto-bans these brute force attacks are good ways to limit access.

I don't think that necessarily means NAT isn't secure.  It just means you have to be careful when you're forwarding ports.  I've suggested people buy a cheap Linksys home router for years now as a means to secure their network.  NAT is infinitely better than hooking your computer directly to the internet - especially if you ever use Windows.

----------

## magic919

Maybe we need a sticky entitled "If you open ports to the Internet you should expect people to drop by".

----------

## Rukie

Here's a description of my home network.

```
Cable Modem
|
Clark Connect PC (NAT)
|
Switch
|                                 |
Me                      Cisco Router (Second NAT)
                                  |
                           Rest of Family
```

I have it set up in this way so that I can play around with ports/etc and use my home computer as sort of a server. I only have a few ports open/forwarded. ssh, a couple for giFT (which I still can't seem to get working).

I just set up fail2ban, but I'll be heading off to college, with 12,000 nerds or something at RIT, so I think I'm going to want to secure my PC even more. I'll have my wifi Netgear router, but that'll be it. 

So, any tips/suggestions would be great  :Very Happy: 

----------

## AdShea

Go grab shorewall (it's in portage) and set up a decent firewall, then be sure to only open what you absolutely need.

Use fail2ban or a similar program to help stop brute force attacks like what you've already seen.  Possibly also add a rule that bans addresses that just tried to portscan you.

For the wireless, you have two choices.  Either encrypt it with WPA2 which will discourage the casual wifi luser, or leave it open and have your compy do interesting things with unauthorized traffic.  (Emails from their address to tell them to stop using your wifi for example)

If you leave it open, you'll want to do VPN so anyone with a card in rfmon can't grab what you're doing.  Google driftnet for an example of what I mean here.

Other than that, be sure to use good passwords, and change them reasonably often (every month or so is usually good).  Also, watch out for keyloggers when logging in on someone else's compy.  ( My friend got me with that one   :Embarassed:  .)

----------

## redgsturbo

 *Rukie wrote:*   

> Here's a description of my home network.
> 
> Cable Modem
> 
> |
> ...

 

Don't use wireless... many many drivers have an overflow condition in the beacon

----------

## eccerr0r

Just wanted to reemphasize, if you have a port 22 open (or any common port open) you _WILL_ get scanned for services and people _WILL_ attack your machine regardless of how meaningless your machine may be.  Even people on dialup need to take precautions despite them not being as "valuable" as a 24/7 machine, but nevertheless still a great candidate for hacking.

So make sure everyone with an outward facing account has a good password (and pay special attention to root).  I haven't started seeing what dictionary passwords the perpetrator is doing but I get scanned multiple times per day from all sorts of different machines.  I think I'm up to around 1000 unique machines and I'm still getting more new machines prodding at mine...  Botnet.

----------

## adsmith

```
emerge fail2ban
```

and configure it to block a host for 15 minutes after, say, 5 failed login attempts. It stops these brute force attacks and keeps your system logs clean...
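
The ban rule described in the post above (5 failed logins, then a 15-minute block), worked through as an added example; it is not part of the original thread and is not fail2ban's own code. The log lines are constructed, and `FIND_TIME`, `find_bans` and the default year are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 5                       # failures before a ban (value from the post)
BAN_TIME = timedelta(minutes=15)    # ban length (value from the post)
FIND_TIME = timedelta(minutes=10)   # assumption: window in which failures count

# Matches the OpenSSH "Failed password" message as written to syslog.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(lines, year=2000):
    """Return [(ip, ban_start, ban_end)]; syslog has no year, so one is supplied."""
    recent = defaultdict(deque)     # ip -> timestamps of recent failures
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                # e.g. "Server listening" lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                # a firewall rule would already drop this host
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FIND_TIME:
            q.popleft()             # forget failures older than the window
        if len(q) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            q.clear()
    return bans

# Constructed sample: six rapid failures from one host, two slow ones from another.
SAMPLE = ["Jul 16 18:15:02 localhost sshd[12417]: Server listening on :: port 22."]
SAMPLE += [f"Jul 16 18:20:{s:02d} localhost sshd[12501]: Failed password for "
           f"invalid user admin from 203.0.113.7 port 40112 ssh2"
           for s in range(0, 60, 10)]
SAMPLE += [f"Jul 16 18:{m}:00 localhost sshd[12620]: Failed password for root "
           f"from 198.51.100.9 port 51514 ssh2" for m in (30, 45)]

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```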

----------

## transient

lolscriptkiddies...

----------

## nrosier

Or have a look at denyhosts. Blocks hosts in /etc/hosts.deny. Whitelisting, blacklisting, syncing ban-lists with servers etc...

----------

## Rukie

I'm interested in doing unique things with students who log into my wifi without asking....

Any suggestions on what proggies I need to do this?  :Very Happy: 

Also, fail2ban doesn't seem to start at all, and it doesn't give any error. It just says it fails to start.

Also, for a VPN...is there really a safe way to do this?

I'll have 2 ethernet ports in my new dorm room  :Surprised: 

1 for me, 1 for roommate

so, should I have

```
Wall
|
Wireless Router
|                  |                   |
Me            Lappy            Strangers
```

(I'll definitely have wpa-psk enabled, however, even wpa is easily hacked, and I'm in a dorm full of nerds.)

I can also do

```
Wall
|
Main Comp
|
Wireless Router
|                  |
Lappy       Strangers
```

the lappy could have a secure connection to the main comp, but still, its traffic load on my comp and then it would have to be on all the time (which I do now...)

----------

## im lost

Do you have iptables running?  I didn't have that at first when I installed fail2ban, and then I didn't have it as part of the kernel.  See this thread for my experience with that.

----------

