February 18, 2014
Today I noticed some odd behavior in my log:

in.telnetd[13586]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:28:03 Tower telnetd[13586]: ttloop: read: Connection reset by peer
Feb 18 13:30:46 Tower emhttp: shcmd (186): /usr/sbin/hdparm -y /dev/sdg &> /dev/null
Feb 18 13:31:44 Tower in.telnetd[13589]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:31:45 Tower login[13590]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:31:46 Tower login[13590]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:31:58 Tower in.telnetd[13591]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:32:00 Tower login[13592]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:00 Tower login[13592]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:12 Tower in.telnetd[13593]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:32:14 Tower login[13594]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:15 Tower login[13594]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:26 Tower in.telnetd[13595]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:32:27 Tower login[13596]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:28 Tower login[13596]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:39 Tower in.telnetd[13597]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:32:41 Tower login[13598]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:42 Tower login[13598]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:53 Tower in.telnetd[13599]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:32:55 Tower login[13600]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:32:56 Tower login[13600]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:07 Tower in.telnetd[13601]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:33:09 Tower login[13602]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:10 Tower login[13602]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:21 Tower in.telnetd[13603]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:33:23 Tower login[13604]: invalid password for 'root' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:24 Tower login[13604]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:35 Tower in.telnetd[13605]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:33:37 Tower login[13606]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:38 Tower login[13606]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:48 Tower in.telnetd[13607]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:33:50 Tower login[13608]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:33:51 Tower login[13608]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:02 Tower in.telnetd[13609]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:34:04 Tower login[13610]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:05 Tower login[13610]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:16 Tower in.telnetd[13611]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:34:18 Tower login[13612]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:19 Tower login[13612]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:30 Tower in.telnetd[13613]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:34:32 Tower login[13614]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:32 Tower login[13614]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:43 Tower in.telnetd[13615]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:34:45 Tower login[13616]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:46 Tower login[13616]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:34:57 Tower in.telnetd[13617]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:34:59 Tower login[13618]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:35:00 Tower login[13618]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:35:11 Tower in.telnetd[13619]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:35:12 Tower login[13620]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:35:13 Tower login[13620]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:35:24 Tower in.telnetd[13621]: connect from 114.32.33.1 (114.32.33.1)
Feb 18 13:35:26 Tower login[13622]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:35:27 Tower login[13622]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '114-32-33-1.HINET-IP.hinet.net'
Feb 18 13:46:28 Tower in.telnetd[13623]: connect from 182.149.238.222 (182.149.238.222)

It appears someone is trying to telnet into my system. How can I protect myself from such attacks besides just having strong passwords?
Should I use obscure ports?
February 18, 2014
The server should be behind a firewall. unRAID is not hardened for public Internet use. Disconnect the Internet service NOW. Pull the plug. You will be hacked. Do not restore Internet service until a Firewall is in place.
February 18, 2014 (Author)
It is behind the firewall on my router. I turned off the port forwarding to the telnet port. I didn't realize I had left it open.
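A syslog check for the pattern shown in the first post, added here as an example and not written by anyone in the thread: it attributes each failed `login` to the most recent `in.telnetd` connect and reports sources that exceed a failure threshold inside a sliding window. The function name, thresholds, `year` parameter and sample lines are constructed; attributing by "most recent connect" is a heuristic that assumes sessions from different sources do not interleave.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "Mon DD HH:MM:SS host proc[pid]: message" (lines without a [pid] are skipped)
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w.]+)\[\d+\]: (.*)$")
CONNECT = re.compile(r"connect from (\S+)")
FAILED = re.compile(r"invalid password for '([^']*)' on '[^']*' from '([^']*)'")

def find_bruteforce(text, threshold=3, window=timedelta(minutes=5), year=2014):
    """Return {source: {"peak_failures": n, "users": set}} for every source
    with at least `threshold` failed logins inside any sliding `window`."""
    last_ip = None                 # heuristic: login failures belong to the latest connect
    recent = defaultdict(deque)    # source -> timestamps of failures still in the window
    peak = defaultdict(int)
    users = defaultdict(set)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # syslog omits the year, so the caller supplies it (assumption)
        when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        proc, msg = m[2], m[3]
        if proc == "in.telnetd" and (c := CONNECT.search(msg)):
            last_ip = c[1]
        elif proc == "login" and (f := FAILED.search(msg)):
            src = last_ip or f[2]  # fall back to the reverse-DNS name in the line
            q = recent[src]
            q.append(when)
            while when - q[0] > window:
                q.popleft()
            peak[src] = max(peak[src], len(q))
            users[src].add(f[1])
    return {s: {"peak_failures": peak[s], "users": users[s]}
            for s in peak if peak[s] >= threshold}

# Constructed sample in the post's log format (documentation-range addresses).
SAMPLE = """\
Feb 18 13:31:44 Tower in.telnetd[100]: connect from 203.0.113.7 (203.0.113.7)
Feb 18 13:31:45 Tower login[101]: invalid password for 'root' on '/dev/pts/0' from 'host7.example.net'
Feb 18 13:31:46 Tower login[101]: invalid password for 'UNKNOWN' on '/dev/pts/0' from 'host7.example.net'
Feb 18 13:31:58 Tower in.telnetd[102]: connect from 203.0.113.7 (203.0.113.7)
Feb 18 13:32:00 Tower login[103]: invalid password for 'root' on '/dev/pts/0' from 'host7.example.net'
Feb 18 13:40:00 Tower emhttp: shcmd (186): /usr/sbin/hdparm -y /dev/sdg &> /dev/null
Feb 18 13:46:28 Tower in.telnetd[104]: connect from 198.51.100.9 (198.51.100.9)
Feb 18 13:46:30 Tower login[105]: invalid password for 'admin' on '/dev/pts/0' from 'host9.example.net'
"""

if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE).items():
        print(src, info["peak_failures"], sorted(info["users"]))
```

Any hit from an address outside the LAN also means the telnet port is reachable from the Internet, which is the forwarding mistake the author found.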