[FADCA] Security guidelines
Chuck Hast
wchast at gmail.com
Wed Mar 3 16:02:12 EST 2010
On Wed, Mar 3, 2010 at 15:51, Royce, Philip <proyce at alachuasheriff.org> wrote:
> This whole subject matter seems to be a rant instead of a focus.
>
> To answer your first question: All policies are governed by FISMA and
> NIST, if you don't already know these then you might want to review them
> yourself, and to consider a low population, low usage Private LAN has to
> be governed in a manner such as the Federal Comsat is absurd, please
> re-evaluate the manner in which you want to approach this.
>
> To address your second email: From your description of your AMPR network
> maybe you should consider turning yours down since there seems to be
> that much intrusion. I would assume that Brian Kantor and the University
> of Cal do not know that the network is being affected in this way or
> being represented as such, but thank you for the enlightenment, must be
> all those MIT and Purdue students getting their thesis done.
>
>
> There is no issue unless you are making one about this, so this
> discussion is done. I don't consider this a positive approach to ham
> radio so consider this station QRT unless there is a positive flow on
> this sig. Please read my email about this matter in your personal mail.
>
Phil,
I do not care to get sucked into this, Jerry lives in my area so he is
my resident nut... He has his good points and his bad, we are seeing
a mix of them now, but I will make one comment, this is sent to you
as I REALLY do not need to get involved, I am very busy trying to find
a job and meanwhile I am doing anything I can to pay the bills, so I
do not want to get pulled into this discussion.

When I was running my FPAC switch here, back about 4-5 years ago
I noticed a lot of activity, I started monitoring the logs and saw that
the bad guys were trying to punch through my system they were
targeting my ssh port, I collected a very good set of logs and called
the FBI, I told them what the device was used for and they took VERY
high interest in it. They asked me for logs and more logs, I even offered
them access to the machine which they declined, they did not want
to be seen accessing it, but they asked me for logs for about a week
straight. I never found out who it was, but the drift was Chinese by
indirect inference. After it was all done I changed the ssh port to a
weird number and saw no more attempts to access the system. Using
port 22 they could scan it real fast and then try to hit it, the way I
found it was that my auth logs were filling up fast, so fast that logrotate
was not getting them rotated out fast enough. I am sure that Jerry is
seeing the same thing, when I had it I commented it to Bud and others
indeed I had told Jerry about it, the general consensus was to change
the port and check other security and leave it at that, once I changed
the port I did not have any more issues, I think we were all using like
32222 or something like that.

Jerry does get way carried away, I generally just try to give him wide
berth because he does not know when to stop.
--
Chuck Hast -- KP4DJT --
When the righteous are in authority, the people rejoice: but when the
wicked beareth rule the people mourn. Prov 29:2 KJV