Brian "Krow" Aker (krow) wrote,
Brian "Krow" Aker
krow

Dear Lazyweb, how secure is Tomato?

Reposted from blog.krow.net

So today I noticed on one of my internal servers the following:

Jul 17 23:53:13 localhost sshd[31847]: Invalid user sales from 123.196.113.11

Jul 17 23:53:13 localhost sshd[31848]: input_userauth_request: invalid user sales

And I also see….

Jul 17 23:47:11 localhost sshd[31690]: reverse mapping checking getaddrinfo for 42.ac.84ae.static.theplanet.com [174.132.172.66] failed - POSSIBLE BREAK-IN ATTEMPT!

Also?

Jul 20 14:56:01 localhost ¿<28>fail2ban.actions: WARNING [ssh-iptables] Ban 121.88.250.208

Huh? Nothing is port forwarded, and the only thing that could be connecting to the box is a Linksys running 1.28 Tomato.

So I am wondering, is Tomato secure right now?
Subscribe
  • Post a new comment

    Error

    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment
Maybe a rogue UPNP port forwarding opening up a hole?