12-07-2020, 06:08 PM
(12-07-2020, 05:41 PM)TheOldPresbyope Wrote: @UpsiUps
I agree that the standard user "pi" is always a nice honey pot for hackers. That's the reason why I only allow password-less login with PKI, where the private key is secured in an HSM.
As far as logins are concerned, the obvious user account to attack via port 22 is "pi". Have you changed the default password? Any hacker worth their salt is running an automation-based attack armed with a list which includes various pi/<pw> combinations as well as volumio/volumio, etc., all scraped from the InterWeb for use when RPis are discovered.
At my former employer, the Network Police would have been on my case soon after I connected an RPi if it weren't on a DMZ segment. They worked in a "shoot first, ask questions later" mode.
Regards,
Kent
In my young years as a consultant for HP Network Node Manager/ITO it was always interesting to discover the network and to see which new devices are shown on the map. And then use SNMP to get the most out of these devices. Today at home, I don't use Nagios, Wireshark or other cool stuff that is eating too much of my time. So I try to prevent any of these incidents by blocking ports or using only trusted sources. (Ok, I also use iCloud ... )
I am afraid that in the end I need to build another wall of protection with another layer of network (I already have guest, home & admin). But this is now far off-topic for moode.
