FreeNAS security question ..

Status
Not open for further replies.

Bernard Mentink

Contributor
Joined
Apr 2, 2016
Messages
193
Hi All,

I am wondering about some entries in the regular security emails I get. I have this entry:
Code:
freenas.local login failures:
Apr  9 19:23:43 freenas sshd[25868]: Bad protocol version identification 'a' from 71.6.142.85 port 35557


Is this someone trying to hack my server? Should I ban that IP in my firewall? It happens nearly every day ..
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
In an ideal world, your FreeNAS server should not be accessible to the outside world.
 

Bernard Mentink

Contributor
Joined
Apr 2, 2016
Messages
193
I only have ssh access ... because it is NOT an ideal world :) .. actually in an ideal world, you would not need security at all.
I guess I could ssh into a Jail, but not sure how much more secure that would be .. would be good to get an answer for my question though ..
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Did you change your SSH port to a non-standard port? If not, you should; it will stop those kinds of access attempts.
 

Bernard Mentink

Contributor
Joined
Apr 2, 2016
Messages
193
Yes, I did. But the person at the IP above is banging on a different port completely to my open one ...
Won't stop these types of attacks if he is using a port scanner ...
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
> Yes, I did. But the person at the IP above is banging on a different port completely to my open one ...
> Won't stop these types of attacks if he is using a port scanner ...

No, that's his port. IP connections are identified by the IP addresses and ports of both endpoints. Clients just generally open a random port in an unreserved range and use that, hence the "port 35557" bit.
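
Added example, not part of the original thread: a Python sketch that pulls "Bad protocol version identification" entries out of an sshd log and groups them by client address, treating the logged port as the client's source port as explained in the reply above. Only the first sample line is the entry quoted in the thread; the other lines, the function names and the field names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; only the first line is the entry quoted in the thread.
SAMPLE_LOG = """\
Apr  9 19:23:43 freenas sshd[25868]: Bad protocol version identification 'a' from 71.6.142.85 port 35557
Apr 10 03:11:02 freenas sshd[26011]: Bad protocol version identification 'GET / HTTP/1.1' from 192.0.2.10 port 51234
Apr 10 03:11:09 freenas sshd[26013]: Bad protocol version identification '' from 192.0.2.10 port 51240
Apr 10 08:00:00 freenas sshd[26100]: Accepted publickey for admin from 198.51.100.7 port 40022 ssh2
"""

# Matches the syslog line sshd writes when a client's first bytes are not an SSH banner.
BAD_BANNER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Bad protocol version identification '(?P<banner>.*)' "
    r"from (?P<ip>\S+) port (?P<port>\d+)$"
)


def summarize(log_text):
    """Group non-SSH banner probes by client IP address."""
    hits = defaultdict(lambda: {"count": 0, "client_ports": [],
                                "banners": [], "first": None, "last": None})
    for line in log_text.splitlines():
        m = BAD_BANNER.match(line)
        if not m:
            continue  # successful logins and other sshd messages are ignored
        h = hits[m["ip"]]
        h["count"] += 1
        # The logged port is the remote client's source port,
        # not the port sshd is listening on.
        h["client_ports"].append(int(m["port"]))
        h["banners"].append(m["banner"])
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
    return dict(hits)


def report(log_text):
    """One line per client, busiest first."""
    rows = []
    ranked = sorted(summarize(log_text).items(), key=lambda kv: -kv[1]["count"])
    for ip, h in ranked:
        # Ports 0-1023 are reserved; client source ports normally sit above them.
        unreserved = all(p >= 1024 for p in h["client_ports"])
        rows.append(f"{ip}: {h['count']} probe(s), client ports {h['client_ports']} "
                    f"(all unreserved: {unreserved}), first {h['first']}, last {h['last']}")
    return rows


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```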
 

Vito Reiter

Wise in the Ways of Science
Joined
Jan 18, 2017
Messages
232
Alright, well the IP you listed actually appears on some blacklists and should probably be added to yours. If you're the only one that really accesses FreeNAS, or there's only like two people in your company that can use it (like mine), I would turn SSH off until you need to use it. Block all connections to your NAS box from the outside world (Simple router settings), and do your best to make sure that access to it is limited.

Also, someone once told me "If someone wants to get in bad enough, they will. Doesn't matter how much security you have". I use some basic blacklists on our network and add to them as I see necessary. You'll slowly notice that no matter how small a person or company you are, someone will try to get in because someone's data is always valuable to them.
 