Hi
I would suggest restricting the ports to a specific IP address instead of opening them to the world (0.0.0.0/0). Check the info from the link you posted. I assume someone is trying to ssh into your server with random ports.
Specifying source IP addresses
By default, firewall rules allow all IP addresses to connect to your instance through the specified protocol and port. This is ideal for traffic such as web browsers over HTTP and HTTPS. However, this poses a security risk for traffic such as SSH and RDP, since you would not want to allow all IP addresses to be able to connect to your instance using those applications. For that reason, you can choose to restrict a firewall rule to an IPv4 or IPv6 address or range of IP addresses.
For the IPv4 firewall - You can specify a single IPv4 address (for example, 203.0.113.1), or a range of IPv4 addresses. In the Lightsail console, the range can be specified using a dash (for example, 192.0.2.0-192.0.2.255) or in CIDR block notation (for example, 192.0.2.0/24). For more information about CIDR block notation, see Classless Inter-Domain Routing on Wikipedia.
For the IPv6 firewall - You can specify a single IPv6 address (for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334), or a range of IPv6 addresses. In the Lightsail console, the IPv6 range can be specified using only CIDR block notation (for example, 2001:db8::/32). For more information about IPv6 CIDR block notation, see IPv6 CIDR blocks on Wikipedia.
Agreed, to some minor extent; however, the problem is that ports which are not listed are being allowed to connect to the instance.
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Invalid user hanif from 188.166.225.37 port 39174
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Received disconnect from 188.166.225.37 port 39174

So here we see port 39174 tried to connect. That port range is not, from what I can see, exposed, as I have 21, 22, 80, and 28960-28965 listed. So what I am trying to determine is why 39174 is being allowed to connect to the machine, and what steps I would take to prevent that from being allowed.
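As an added example (not code from either post or from the AWS documentation), the following Python script reads sshd lines in the format quoted above, pulls out the remote address and the `port` field (which sshd logs as the connecting client's source port), and tests each remote address against a source allow-list of the kind the answer recommends. The allow-list entries are the placeholder ranges from the quoted Lightsail documentation, and the sample log lines are constructed for the example.

```python
import ipaddress
import re

# Constructed sample log: the first two lines mirror the quoted sshd entries,
# the remaining two are made up to show an admitted IPv4 and IPv6 source.
SAMPLE_LOG = """\
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Invalid user hanif from 188.166.225.37 port 39174
Mar 6 12:41:40 ip-172-xx-x-xx sshd[8716]: Received disconnect from 188.166.225.37 port 39174
Mar 6 12:42:01 ip-172-xx-x-xx sshd[8720]: Accepted publickey for admin from 203.0.113.1 port 51022 ssh2
Mar 6 12:42:30 ip-172-xx-x-xx sshd[8725]: Invalid user test from 2001:db8:1::5 port 40100
"""

# Allow-list in the notation the Lightsail docs describe: a single IPv4 host,
# an IPv4 CIDR block and an IPv6 CIDR block (documentation example ranges, not real ones).
ALLOWED_SOURCES = ["203.0.113.1", "192.0.2.0/24", "2001:db8::/32"]

SSHD_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: "
    r"(?P<event>Invalid user \S+|Received disconnect|Accepted \S+ for \S+)"
    r" from (?P<ip>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
)

def parse_sshd_events(log_text):
    """One dict per matching line: remote address and the client's (ephemeral) source port."""
    events = []
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            events.append({"event": m["event"], "ip": m["ip"], "port": int(m["port"])})
    return events

def source_allowed(ip_text, allowed_sources):
    """True if ip_text falls inside any allow-list entry (a bare host counts as /32 or /128)."""
    addr = ipaddress.ip_address(ip_text)
    for entry in allowed_sources:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version == addr.version and addr in net:
            return True
    return False

def audit_log(log_text, allowed_sources):
    """Split events into those a source-restricted rule would admit and those it would drop."""
    admitted, dropped = [], []
    for ev in parse_sshd_events(log_text):
        (admitted if source_allowed(ev["ip"], allowed_sources) else dropped).append(ev)
    return {"admitted": admitted, "dropped": dropped}

if __name__ == "__main__":
    for ev in audit_log(SAMPLE_LOG, ALLOWED_SOURCES)["dropped"]:
        print(f"would be dropped: {ev['ip']} (client port {ev['port']}) - {ev['event']}")
```

The script only models what a source-restricted firewall rule would do to the logged connections; the actual restriction is applied in the Lightsail firewall settings described in the answer.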