Our ns1.grapheneos.org DNS server was targeted by a DoS attack yesterday. They didn't target the DNS service but rather... SSH. That's a new one.
Can see the traffic spike but it was hardly anything compared to the usual attacks. Still, SSH buckled.
nodeping.com/reports/status
If you need SSH to remain accessible under this kind of idiocy, putting it behind a wireguard tunnel or cryptographic port knocking (the former is really an overengineered but readily available stand-in for the latter, in this usage) might work well.
We'll probably have to do something with stateless netfilter. I don't want to have conntrack enabled because it will actually help attackers with DoS.
PowerDNS UDP service and nginx hold up really well under DoS attacks. I'm sure PowerDNS TCP is very easy to overload though.
Do you think this is targeted or just some bored people using scripts to try to log in on random servers?
A targeted DoS attack from a few hosts which was super overkill based on the extremely low connection limit sshd has by default.
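Added example, not part of the thread and not OpenSSH's own code: a small Python model of sshd's `MaxStartups` `start:rate:full` early-drop rule, using the documented default `10:30:100`, to show how few pending unauthenticated connections it takes before legitimate logins start being refused. The class and function names are hypothetical, and the load levels are constructed.

```python
# Added example (not OpenSSH source): model of sshd's MaxStartups early drop.
from dataclasses import dataclass


@dataclass(frozen=True)
class MaxStartups:
    start: int  # below this many unauthenticated connections nothing is dropped
    rate: int   # percent of new connections dropped once `start` is reached
    full: int   # at or above this every new connection is dropped

    @classmethod
    def parse(cls, value: str) -> "MaxStartups":
        parts = [int(p) for p in value.split(":")]
        if len(parts) == 1:  # single-number form is a plain hard limit
            return cls(parts[0], 100, parts[0])
        if len(parts) != 3:
            raise ValueError(f"expected N or start:rate:full, got {value!r}")
        start, rate, full = parts
        if start > full or not 1 <= rate <= 100:
            raise ValueError(f"invalid MaxStartups {value!r}")
        return cls(start, rate, full)

    def drop_percent(self, pending: int) -> int:
        """Chance (in %) that the next connection is refused, given `pending`
        connections that have not finished authenticating."""
        if pending < self.start:
            return 0
        if pending >= self.full or self.rate == 100:
            return 100
        # Linear ramp from `rate` at `start` up to 100 at `full` (integer math).
        ramp = (100 - self.rate) * (pending - self.start) // (self.full - self.start)
        return self.rate + ramp


def login_success_chance(limit: MaxStartups, pending: int, attempts: int) -> float:
    """Probability that at least one of `attempts` independent connection
    attempts by a legitimate user is accepted."""
    return 1.0 - (limit.drop_percent(pending) / 100.0) ** attempts


if __name__ == "__main__":
    default = MaxStartups.parse("10:30:100")  # documented sshd_config default
    for pending in (5, 10, 40, 70, 100):      # constructed sample load levels
        print(f"{pending:>3} pending -> {default.drop_percent(pending):>3}% dropped, "
              f"3 tries succeed with p={login_success_chance(default, pending, 3):.2f}")
```

A pending slot is freed when the client authenticates or when `LoginGraceTime` expires, so those two settings together bound how long the limit stays saturated.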
Hmmm just in time (31 aug)
Package : libssh
CVE ID : CVE-2021-3634
Debian Bug : 993046
It was discovered that a buffer overflow in rekeying in libssh could
result in denial of service or potentially the execution of arbitrary
code.
Reported a similar incident yesterday as well as someone was trying to bruteforce SSH passwords on System76 servers.
Quote Tweet
Someone at 60.49.119.235 is trying to brute force SSH passwords with the usernames "admin" and "default". Should I let them know those usernames don't exist and this server only has key auth and it would take them until the heat death of the universe on their potato to crack?
There are always endless password brute force attempts but there's only key authentication. OpenSSH still pretends to support password authentication. That's quite different from a DoS attack on it though.
Ping me if you need help with infrastructure. I work fulltime but happy to spare some for your excellent project.