I have looked for logs. The syslog page gives no indication of the issue. Is there another way to get logs? I monitor SSH through a network monitor. Once I get a notification I look at the logs and try to SSH in, with negative results.
Posted: Wed May 10, 2023 10:28 Post subject:
Pdobrien3 wrote:
egc wrote:
Just a thought, but the monitoring might be regarded as DDoS/sniffing and/or exceeding the rate limit or whatever, and maybe you are just blocked?
Hmmm... DD-WRT does this? Where is the setting? I have three different Asus RT-AC68Us and it happens on all of them, at different intervals.
..
LAN side or WAN side??
ho1Aetoo wrote:
In the security settings "Limit SSH Access".
But it is also in the syslog when an IP is blocked.
Those will limit the WAN side attempts... and it's working... as well, you will be notified, as ho1Aetoo announced above.
But... those could come from a compromised client from the internal network, LAN side, too... I've never had such a case but it's possible... no idea if you get a warning for it as well.
For SSH, it's a good practice to:
-use SSH secure key authentication only
-disable password authentication for SSH
-change the default SSH port (22) to something else, preferably anything above port 1024, like something in the range of 40000-65000
-I also put a complex password on my secure key... so if for some reason someone captures it, it will need a password to be able to use it... (not that it will save your ass if you become a designated target) but it helps...
I see lots of SSH scans and attempts if I use SSH over the WAN side... none of those successful... but you can block those IPs on the INPUT chain, so next time they will just DROP (I use IPset rules as those tend to be many...)
IPset --> https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
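Added example, not part of the original posts: the INPUT-chain ipset blocking described above, driven by failed-login lines in syslog. It assumes Dropbear's usual "Bad password attempt ... from ip:port" wording; the set name `ssh_block`, the threshold, the allowlisted address and the sample log lines are constructed for illustration, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: turn repeated Dropbear auth failures in syslog into ipset entries.
THRESHOLD=3              # assumption: failures before a source is listed
SET_NAME=ssh_block       # hypothetical ipset name
ALLOW="192.168.1.10"     # hypothetical admin/monitoring hosts, never listed

# Constructed sample syslog lines (RFC 5737 documentation addresses).
sample_log() {
cat <<'EOF'
May 10 10:01:02 DD-WRT authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 203.0.113.7:40112
May 10 10:01:05 DD-WRT authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 203.0.113.7:40112
May 10 10:01:09 DD-WRT authpriv.warn dropbear[2104]: Bad password attempt for 'root' from 203.0.113.7:40155
May 10 10:03:41 DD-WRT authpriv.warn dropbear[2110]: Login attempt for nonexistent user from 198.51.100.23:51514
May 10 10:03:44 DD-WRT authpriv.warn dropbear[2111]: Bad password attempt for 'admin' from 198.51.100.23:51520
May 10 10:04:00 DD-WRT authpriv.warn dropbear[2112]: Login attempt for nonexistent user
May 10 10:05:10 DD-WRT authpriv.warn dropbear[2120]: Bad password attempt for 'root' from 192.168.1.10:50022
May 10 10:05:12 DD-WRT authpriv.warn dropbear[2120]: Bad password attempt for 'root' from 192.168.1.10:50022
May 10 10:05:15 DD-WRT authpriv.warn dropbear[2120]: Bad password attempt for 'root' from 192.168.1.10:50022
May 10 10:05:20 DD-WRT authpriv.notice dropbear[2121]: Password auth succeeded for 'root' from 192.168.1.10:50030
EOF
}

# Read syslog on stdin, print "count ip" per source of failed logins.
failed_sources() {
  awk '
    /dropbear\[[0-9]+\]:/ && (/Bad password attempt/ || /Login attempt for nonexistent user/) {
      peer = $NF                      # last field is ip:port when the source is logged
      sub(/:[0-9]+$/, "", peer)
      if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[peer]++
    }
    END { for (ip in hits) print hits[ip], ip }
  ' | sort -rn
}

# Read syslog on stdin, print the ipset/iptables commands for review.
block_commands() {
  echo "ipset -exist create $SET_NAME hash:ip timeout 86400"
  failed_sources | while read -r count ip; do
    [ "$count" -ge "$THRESHOLD" ] || continue          # below threshold: leave alone
    case " $ALLOW " in *" $ip "*) continue ;; esac     # never list allowlisted hosts
    echo "ipset -exist add $SET_NAME $ip"
  done
  echo "iptables -I INPUT -m set --match-set $SET_NAME src -j DROP"
}

sample_log | block_commands
```

The allowlist keeps a monitoring or admin host from locking itself out, and failure lines that carry no source address are skipped rather than guessed at.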
Posted: Wed May 10, 2023 12:02 Post subject:
Alozaros wrote:
For SSH, it's a good practice to:
-use SSH secure key authentication only
-disable password authentication for SSH
-change the default SSH port (22) to something else, preferably anything above port 1024, like something in the range of 40000-65000
-I also put a complex password on my secure key... so if for some reason someone captures it, it will need a password to be able to use it... (not that it will save your ass if you become a designated target) but it helps...
You possibly could NOT do these many things with Dropbear? But with OpenSSH of Entware?
edit:
Ignore me. "nvram show | grep sshd" shows parameters related to these 4 tasks.
But I still think OpenSSH is way better.
_________________
Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Posted: Wed May 10, 2023 18:20 Post subject: WAN IP still 0.0.0.0
I've posted my issue twice already and haven't gotten any feedback/solutions. I hope I won't get in trouble for asking for the third time.
I keep updating my router every second or third release to see if one of those fixes WAN not working, but after 10 or 15 attempts I still don't see any changes. My WAN IP is set to auto while LAN is the standard 192.168.1.1 with DHCP server. My internet works but I'm not able to get to my router unless I set the IP 192.168.1.2 or so on one of my clients. All the computers on my network get an IP address from the WAN router, which is 192.168.188.1. I know it's not a fully public IP but somehow my ISP has it set up this way. I know it's a problem with DD-WRT because when I try different routers (even DD-WRT but not Broadcom) all my devices get 192.168.1.X addresses. This is the only router where I have this issue; for some reason the DHCP server skips its function and passes it to the next router in line. I used to have DHCP forwarding a few months ago and it seems as if for some reason it's still in memory. I turned the logging on but don't see anything that would help me. Let me add that the panel shows the WAN IP as 0.0.0.0. Clearly WAN and the DHCP server are not working.
Firmware: v3.0-r52459 std (05/08/23)
Router/Version: Netgear R7000 Kernel: Linux 4.4.302-st38 #9289 SMP Mon May 8 02:11:25 +06 2023 armv7l
Previous: v3.0-r52369 std (04/20/23)
Mode/Status: AP wired and wireless / Up and running for 1 day
Reset: Soft boot before and after upgrade
Temperatures: CPU 58.0 °C / WL0 45.2 °C / WL1 50.4 °C
Issues/Errors: Nothing significant
Updated via webif. No 'nvram erase' this time, last one was in July 2018 (r36325).
Upload and Download speeds are to ISP spec (Bell Canada "Fibe", 500/500 Mbps).
Current basic R7000 setup (subject to change of course):
- Static WAN IP
- Shortcut Forwarding Engine: CTF, Flow Acceleration: Disabled
- STP - Enabled
- IPv4 only, both WAN and LAN
- LAN DHCP Enabled
- Not currently forwarding any ports
- Wireless: AP, Regulatory Domain = CANADA, wl0 N/G Mixed (ch. 6), wl1 AC/N-Mixed (ch. 36, VHT80), AES
- 1 wireless VLAN on wl0
- SNMP disabled, SSH enabled, Telnet disabled
- Firewall enabled, Log Level high
- Syslog: to local server. klogd: disabled.
- USB support - Off
- No custom scripts
- No: ttraf, Tor, VNC, Zabbix, VPN, Radius, OpenVPN
- No: UPnP, DMZ, QoS
- No: Samba, CIFS, JFFS2, miniDLNA, Entware, Optware
_________________
Netgear R7000: v3.0-r54248 std (11/29/23)
EdgeRouter-X: EdgeOS v2.0.9-hotfix 7
SSH still crashing after a couple of hours on Router Model: Asus RT-AC68U. No issues on 04-14-2023-r52330.
Man, seems we are not at all lucky on 68U... I'm about to upgrade myself cause I can't stand this crashing out and trying to get everything back online.
Kinda wish I remembered what Jan build worked OK.
_________________
~Battlez-avec la Mystique?~
Asus AC68U/AC1900 (Tmobile) - Firmware: DD-WRT v3.0-r52369 std (04/20/23)
Router Model: Netgear R7000
Firmware Version: DD-WRT v3.0-r52459M Community Build (05/08/23)
Kernel Version: Linux 4.4.302-st38 #9289 SMP Mon May 8 02:11:25 +06 2023 armv7l DD-WRT
Previous/Reset: DD-WRT v3.0-r51275 / No
Mode/Status: 2.4 AP - 5GHz AP - OpenVPN
Issues/Errors: After a couple of days of running fine, several of the services stopped working -- including the Web UI, and the DNS resolver. Reverted to DD-WRT v3.0-r51275.