Hi
I would suggest restricting the ports to a specific IP address instead of opening them to the world (0.0.0.0/0), so check the info in the link you have posted. I assume someone is trying to SSH into your server with random ports.
Specifying source IP addresses
By default, firewall rules allow all IP addresses to connect to your instance through the specified protocol and port. This is ideal for traffic such as web browsers over HTTP and HTTPS. However, this poses a security risk for traffic such as SSH and RDP, since you would not want to allow all IP addresses to be able to connect to your instance using those applications. For that reason, you can choose to restrict a firewall rule to an IPv4 or IPv6 address or range of IP addresses.
For the IPv4 firewall - You can specify a single IPv4 address (for example, 203.0.113.1), or a range of IPv4 addresses. In the Lightsail console, the range can be specified using a dash (for example, 192.0.2.0-192.0.2.255) or in CIDR block notation (for example, 192.0.2.0/24). For more information about CIDR block notation, see Classless Inter-Domain Routing on Wikipedia.
For the IPv6 firewall - You can specify a single IPv6 address (for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334), or a range of IPv6 addresses. In the Lightsail console, the IPv6 range can be specified using only CIDR block notation (for example, 2001:db8::/32). For more information about IPv6 CIDR block notation, see IPv6 CIDR blocks on Wikipedia.
Agreed to some minor extent, however the problem is that ports which are not listed are being allowed to connect to the instance.

Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Invalid user hanif from 188.166.225.37 port 39174
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Received disconnect from 188.166.225.37 port 39174

So here we see port 39174 tried to connect. That port range is not, from what I can see, exposed, as I have 21, 22, 80, and 28960-28965 listed. So what I am trying to determine is why 39174 is being allowed to connect to the machine, and what steps I would take to prevent that from being allowed.
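As an added example (the editor's, not code from either poster or from AWS), a small parser for sshd log lines of the form quoted above: it counts invalid-user attempts per remote IP and lists the source ports each client used. The "port" in these lines is the client's ephemeral source port; the connection still arrives on the port sshd listens on, so nothing in the 39174 range needs to be open in the instance firewall. The sample log lines are constructed, using RFC 5737 documentation addresses.

```python
import re
from collections import Counter

# Matches sshd auth-log lines like the ones quoted in the thread:
#   "Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Invalid user hanif from 188.166.225.37 port 39174"
# The "port N" field is the remote client's ephemeral source port. The connection still arrives
# on the port sshd listens on (22 unless reconfigured), which is the port the firewall rule governs.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*?) from (?P<src_ip>[0-9a-fA-F.:]+) port (?P<src_port>\d+)"
)

# Constructed sample lines modelled on the poster's log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Invalid user hanif from 203.0.113.7 port 39174
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Received disconnect from 203.0.113.7 port 39174
Mar 6 12:42:01 ip-172-xx-x-xx sshd[8720]: Invalid user admin from 203.0.113.7 port 40210
Mar 6 12:43:15 ip-172-xx-x-xx sshd[8731]: Invalid user test from 198.51.100.9 port 51002
Mar 6 12:44:02 ip-172-xx-x-xx sshd[8740]: Accepted publickey for ubuntu from 192.0.2.10 port 52000 ssh2
"""

def parse_line(line):
    """Return the fields of one sshd log line as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["src_port"] = int(entry["src_port"])
    return entry

def entries(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def invalid_user_attempts(log_text):
    """Count 'Invalid user' attempts per remote source IP."""
    return Counter(e["src_ip"] for e in entries(log_text) if e["msg"].startswith("Invalid user"))

def source_ports(log_text, src_ip):
    """Source ports one client used: they change per connection and are never ports
    the instance firewall has to open."""
    return sorted({e["src_port"] for e in entries(log_text) if e["src_ip"] == src_ip})

def candidates_to_block(log_text, threshold=2):
    """Source IPs with at least `threshold` invalid-user attempts. Use them for a deny list, or
    better, replace the 0.0.0.0/0 rule on the SSH port with an allow-list of your own addresses."""
    return sorted(ip for ip, n in invalid_user_attempts(log_text).items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in invalid_user_attempts(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} invalid-user attempts from source ports {source_ports(SAMPLE_LOG, ip)}")
    print("block candidates:", candidates_to_block(SAMPLE_LOG))
```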