Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
ssh distributed dictionary attack... how many requests/sec?
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3, 4  Next  
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Tue Jan 14, 2020 8:58 am    Post subject: ssh distributed dictionary attack... how many requests/sec? Reply with quote

curious of what other people are getting...

I'm getting almost 1 per 1.5 seconds on average for the past few months it seems. I started port blocking most of them as they tend to be the same hosts for large number of attempts, but there are the small fish that are equally as annoying. Almost 4000 unique hosts so far this year (2 weeks of attacks through Jan 14th).

Anyway with my current fail banning I got it down to about 15-20 attempts per hour that slip past the bans. This should at least slow down the dictionary about two orders of magnitude per hour. So at least I don't send responses but sh*t is still coming in. My IP link is not all that fast, I didn't calculate out how many bytes/sec this comes out to be...

I had forgotten I set up a secondary nonstandard port for ssh in case I locked myself out, but it seems they portscanned me and found it -- and started attacking that too. So I was forced to disable that, seems even if I moved my main port elsewhere, it wouldn't help for long.

*sigh*
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54639
Location: 56N 3W

PostPosted: Tue Jan 14, 2020 9:34 am    Post subject: Reply with quote

eccerr0r,

Is key based ssh login an option?
The attack will be guessing user names and passwords.
That does not stop the wasted bandwidth though.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Tue Jan 14, 2020 9:38 am    Post subject: Reply with quote

Oh I'm not worried about them breaking into an account, password or kex. It's the wasted bandwidth I'm more worried about in general. Blocking the incoming packet at least saves my machine from transmitting outgoing packets, which is a more limited resource. But it's still wasting downlink.

At this point I just wonder if I'm being targeted more than other people or not for some reason or another. Curious if there's something that makes people want my machine more than others. or not.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
xahodo
Tux's lil' helper
Tux's lil' helper


Joined: 17 May 2007
Posts: 82
Location: Gouda, the Netherlands

PostPosted: Tue Jan 14, 2020 9:45 am    Post subject: Reply with quote

How about using port knocking? Leave ssh off and redirect all traffic coming in through the port to a tarpit, unless the correct knock comes in. If that happens, ssh is enabled and you can login.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Tue Jan 14, 2020 9:47 am    Post subject: Reply with quote

Again this does not help against the bandwidth waste. If I was really concerned about temporarily unlocking sshd, I think I could easily hack up something silly for apache to unblock sshd, but this is besides the point...

... why me, or is everyone getting these things at 1-2 seconds apart?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54639
Location: 56N 3W

PostPosted: Tue Jan 14, 2020 10:07 am    Post subject: Reply with quote

eccerr0r,

My logs for a bare metal box in a data centre are ..
Code:
/var/log/sshd # ls -l
total 4768
-rw-r--r-- 1 root root  972143 Jan 14 09:47 current
-rw-r--r-- 1 root root 1048582 Jan 12 23:37 log-2020-01-12-23:37:53
-rw-r--r-- 1 root root   33277 Jan 12 23:56 log-2020-01-13-00:00:17
-rw-r--r-- 1 root root 1048614 Jan 13 09:40 log-2020-01-13-09:40:09
-rw-r--r-- 1 root root 1048599 Jan 13 19:05 log-2020-01-13-19:05:52
-rw-r--r-- 1 root root  686859 Jan 14 00:00 log-2020-01-14-00:00:02

I get bursts. Today, they have only been attacking root, which isn't very clever.

Its a lot quieter on a KVM on the same IPv4 address that has its ssh on a non standard port.
Code:
/var/log/sshd # ls -l
total 676
-rw-r--r-- 1 root root  45423 Jan 14 09:56 current
-rw-r--r-- 1 root root 137909 Jan  9 23:59 log-2020-01-10-00:00:21
-rw-r--r-- 1 root root 117658 Jan 10 23:59 log-2020-01-11-00:01:21
-rw-r--r-- 1 root root 150619 Jan 11 23:58 log-2020-01-12-00:01:05
-rw-r--r-- 1 root root 105738 Jan 12 23:59 log-2020-01-13-00:01:05
-rw-r--r-- 1 root root  98557 Jan 13 23:57 log-2020-01-14-00:00:02


I don't know why I still have IPv4 ssh set up there as I only ever use ssh over IPv6.
Compare log file sizes for a rough approximation.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Tue Jan 14, 2020 11:38 am    Post subject: Reply with quote

Mine's somewhat quieter.
Code:
/var/log/sshd # ll
total 1024
-rw-r--r-- 1 root root  18081 Jan 14 11:28 current
-rw-r--r-- 1 root root   2549 Feb 11  2019 log-2019-02-12-04:44:04
-rw-r--r-- 1 root root   2876 Feb 12  2019 log-2019-02-13-01:07:26
-rw-r--r-- 1 root root   3941 Feb 13  2019 log-2019-02-14-01:00:16
-rw-r--r-- 1 root root   4552 Feb 14  2019 log-2019-02-15-01:46:04
-rw-r--r-- 1 root root   3084 Feb 15  2019 log-2019-02-16-06:34:13
-rw-r--r-- 1 root root  92063 Mar 14  2019 log-2019-03-15-10:01:18
-rw-r--r-- 1 root root  95077 Apr 13  2019 log-2019-04-14-02:44:03
-rw-r--r-- 1 root root  87435 May 13  2019 log-2019-05-14-11:31:09
-rw-r--r-- 1 root root 100064 Jun 12  2019 log-2019-06-13-06:11:57
-rw-r--r-- 1 root root  73488 Jul 12  2019 log-2019-07-13-01:37:48
-rw-r--r-- 1 root root  97801 Aug 12 00:27 log-2019-08-12-00:21:20
-rw-r--r-- 1 root root  88495 Sep 11 00:51 log-2019-09-11-00:01:33
-rw-r--r-- 1 root root  66994 Oct 10 19:28 log-2019-10-11-02:57:13
-rw-r--r-- 1 root root  71068 Nov  9 23:57 log-2019-11-10-00:19:08
-rw-r--r-- 1 root root 132524 Dec  9 20:20 log-2019-12-10-03:02:14
-rw-r--r-- 1 root root  74294 Jan  8 07:26 log-2020-01-09-02:03:29

No firewall, I just run it on a different port. I count exactly 1 unknown connection attempt in the logs (after filtering out known lines) and it appeared to be a blind port scan.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Tue Jan 14, 2020 5:26 pm    Post subject: Reply with quote

Nice. My log files are like 16MB compressed per month now. This is current so far this month:
Code:
-rw-r----- 1 root wheel 139837513 Jan 14 10:48 messages

Last time I had a small compressed logfile archive was about 2 years ago, and it was 800KB (gzipped).

This is virtually a baremetal box as in it's a VM exposed to the outside world on the standard port. No advantage to being a VM other than being lazy and not wanting to reinstall the machine it replaced. The machine was my first ever Gentoo install whose disk image is still being used, still being updated since 2004!

The attacks I'm getting are for lots of random account names along with root, though with blocking I don't see the account anymore (of course). I might have to dedicate sshd (and smtp) stuff into its own file just so I can keep my other logging information clean of this garbage.

I still don't get why me. My network is slow.

I also wonder how fail2ban will work for ipv6 ... *shiver* will it need to ban /64's or more?

---
Edit
---
Kind of funny why am I bothering logging these syn packets. I think it's around 60-70 bytes for a SYN packet, and the default Linux log string saves almost 256 bytes in syslog, so I'm logging 4x the number of characters actually coming in... :)

---
Also
---

I'm up to thousands of /24s blocked in my iptables... Kind of funny watching iptables insert all the bans, it gets slower and slower to insert another rule as more and more get inserted...

---- 12 hours later ----
Code:
-rw-r----- 1 root wheel 146369057 Jan 14 22:21 messages

12 MB/day is it???

---- day later ----
Looks like there's a calm in the storm... there are a few minutes where I get no ssh connection attempts within the minute, but now I get a lot more ICMP packets. I suspect it's a *little* better since ICMP is smaller than TCP packets, but neither do me any good.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
cboldt
Veteran
Veteran


Joined: 24 Aug 2005
Posts: 1046

PostPosted: Thu Jan 16, 2020 10:22 pm    Post subject: Reply with quote

I picked up using ipset just because I imagined one day I'd have (or somebody other than me might claim) a need to ban thousands. One iptables rule to check the ipset. Never in my wildest dreams would I be banning thousands.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Fri Jan 17, 2020 12:01 am    Post subject: Reply with quote

neat, didn't know about ipset, I may have to transition to that, this is starting to get slow.
I'm surprised nobody has ended up having to ban thousands. Right now I've actually not added to the ban list if the host only had one attempt, and I still have a net banlist with 1400 lines. The script tries to choose a /24 or /16 (!) ban depending on how many uniques try...

---

Well, I'm now transitioned to ipset -- and also changed my script from bash to perl, I can fully reprocess my banlists in just a few seconds where it was taking several minutes before... So much better... thanks.

I also wonder why people aren't dealing with thousands of bans, I suspect most people are seeing distributed dictionary attacks...
In fact the list of hosts that I ban probably would be of value to some people to populate their ban lists.

I'm now up over 4000 unique hosts, which crunches down to about 3500 /24's, and 2000 /16's if there are more than one /24 in the /16 in the botnet. The scary thing is that I'm not sure if this is all one botnet or multiple botnets, quite possibly there is more than one bad actor here.

Code:
-rw-r----- 1 root wheel 159819144 Jan 16 18:44 messages

_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
figueroa
Advocate
Advocate


Joined: 14 Aug 2005
Posts: 3007
Location: Edge of marsh USA

PostPosted: Fri Jan 17, 2020 5:35 am    Post subject: Reply with quote

I can't advise to help more with the bandwidth, but, in addition to using a non-standard ssh port, also set:
a low login grace time
a low MaxAuthTries, i.e. 2 or 3
definitely don't allow root user with a password (default)
consider using the AllowUsers to only allow one or the minimum actual users
consider using unusual or not common usernames, i.e. not fred, mike, sam, andy etc.
of course, use a hideous, long, impossible to guess password

Those are the main tricks I have up my sleeve.

I stopped reading firewall logs and I don't watch the stock market. I don't have the time or the disposition for it.

After reading this thread, I'm paranoid again. But, I must be doing somethings right.
Code:
jeremiah /var/log/sshd # ll
total 24
-rw-r--r-- 1 root root 3921 Jan 17 00:49 current
-rw-r--r-- 1 root root 2145 Jan 12 17:33 log-2020-01-13-00:16:06
-rw-r--r-- 1 root root  929 Jan 13 17:17 log-2020-01-14-19:16:41
-rw-r--r-- 1 root root  949 Jan 14 17:06 log-2020-01-15-13:17:19
-rw-r--r-- 1 root root  880 Jan 15 15:58 log-2020-01-16-12:46:09
-rw-r--r-- 1 root root   92 Jan 16 07:46 log-2020-01-17-02:19:47

_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi
Back to top
View user's profile Send private message
erm67
l33t
l33t


Joined: 01 Nov 2005
Posts: 653
Location: EU

PostPosted: Fri Jan 17, 2020 9:26 am    Post subject: Reply with quote

The solution is endlessh an ssh tarpit to slowdown attackers:
https://github.com/skeeto/endlessh
https://nullprogram.com/blog/2019/03/22/
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia

My fediverse account: @erm67@erm67.dynu.net
Back to top
View user's profile Send private message
cboldt
Veteran
Veteran


Joined: 24 Aug 2005
Posts: 1046

PostPosted: Fri Jan 17, 2020 11:07 am    Post subject: Reply with quote

I'm banning thousands now - but when I took up the task of learning how to use ipset, I didn't imagine that my system would ever have a practical need for it.

I ban by the /24. Some attackers (not many) attack from multiple IP, so my "ban counter" -- which times out attempts after minutes -- converts each individual IP (a /32) into the associated /24, and banning covers that chunk. Of the banned IP's, some of the /24's come from the same /16. I'm pretty sure if I banned by the /16 I'd still have thousands of entries. One machine is now hovering around 1500 bans (that's the one with ssh on port 2223), the other around 3000 (ssh port is 2222) but has been as high as 7000.
Back to top
View user's profile Send private message
cboldt
Veteran
Veteran


Joined: 24 Aug 2005
Posts: 1046

PostPosted: Fri Jan 17, 2020 11:10 am    Post subject: Reply with quote

Thanks for that tarpit suggestion. Great idea.
Back to top
View user's profile Send private message
erm67
l33t
l33t


Joined: 01 Nov 2005
Posts: 653
Location: EU

PostPosted: Fri Jan 17, 2020 12:49 pm    Post subject: Reply with quote

The scanners evolved and now drop the connection if they don't receive an answer quickly, however it will slow them down:

Code:

2020-01-17T10:57:48.552Z ACCEPT host=24.100.79.217 port=36409 fd=4 n=1/4096
2020-01-17T10:58:18.570Z CLOSE host=24.100.79.217 port=36409 fd=4 time=30.018 bytes=34
2020-01-17T11:52:47.514Z ACCEPT host=78.131.11.10 port=37938 fd=4 n=1/4096
2020-01-17T11:52:47.521Z ACCEPT host=78.131.11.10 port=37940 fd=5 n=2/4096
2020-01-17T11:53:07.532Z CLOSE host=78.131.11.10 port=37938 fd=4 time=20.018 bytes=32
2020-01-17T11:53:07.532Z CLOSE host=78.131.11.10 port=37940 fd=5 time=20.011 bytes=27

sendin a char every 5s instead of the default of 10s will keep them hanged for a longer time.
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia

My fediverse account: @erm67@erm67.dynu.net
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Fri Jan 17, 2020 6:06 pm    Post subject: Reply with quote

How does the tarpit affect legitimate users also using password authentication?

I suppose if there's early on in the authentication that one is planning to use PKA that maybe this would work if one had the keys ready, but it seems like this would cause legitimate password users to fall into the pit as well.

Anyway after a few days of instituting simple /24 or /16 packet drop, the ssh attempts dropped a lot - still getting a few as they have a lot more machines than I have in my list, but at least the number of attempts have gone down significantly. The number of ICMPs has increased somewhat, but my network is a lot quieter than it was before. Before my machine was constantly sending and receiving packets, now I occasionally see 10 second breaks where there's silence.

Undesirable packets now received, roughly...
- fixed ssh port, few times per minute. Most are blocked but guessing passwords at 1 per 5 minutes is going to take a LONG time.
- fixed, alternate ssh port that I was using but now closed, once every 5 minutes or so. Looks like a handful of machines.
- Random port scans. People are distributedly trying to scan random ports on my machine. About a few a minute.
- Random pings - usually people send one ping from multiple hosts, also a few a minute
- Traceroute. Some people seem to be tracerouting me for whatever reason. once every 5 minutes or so.

People are occasionally attacking my IMAP server, but those don't happen frequently.

I am dismayed I had to go to these measures, breaking TCP/IP standards, just to reduce the amount of traffic I send out that does not benefit myself.

("fun" staring at tcpdump / wireshark output ... blahh...)
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
erm67
l33t
l33t


Joined: 01 Nov 2005
Posts: 653
Location: EU

PostPosted: Fri Jan 17, 2020 7:00 pm    Post subject: Reply with quote

eccerr0r wrote:
How does the tarpit affect legitimate users also using password authentication?

I am thinking about using https://linux.die.net/man/1/knockd for that, but I have noticed that redirecting port 22 and 2222 to the tarpit has reduced A LOT the attempt, most of them give up after attempting at port 22 some other try also port 2222 (all tutorials suggest to use 2222 as alternate port, they just try), the actual ssh port that I use is super secret and does not end in 22 :-)
eccerr0r wrote:

People are occasionally attacking my IMAP server, but those don't happen frequently.


I require a certificate to log into the IMAP port with dovecot, and use K9 on Android to read my mail, that has also reduced a lot the attempts on the IMAP ports.

I still have to find a good solution for the smtp port, sometimes there's a lot of unwanted traffic there as well.
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia

My fediverse account: @erm67@erm67.dynu.net
Back to top
View user's profile Send private message
axl
Veteran
Veteran


Joined: 11 Oct 2002
Posts: 1146
Location: Romania

PostPosted: Fri Jan 17, 2020 10:17 pm    Post subject: Reply with quote

not sure, we're all in the same spirit?

we talking about exposing our network to the internet. right?

well. postfix is a shit box. so much punishment from the internet. I'm glad I use postfix.

Like today was one of the worst days. over 10.000 different smtpd requests. from non fqdn and hosts that didn't have a reverse, or were listed on spamhaus.

Most days nobody knocks. today it was like a freaking explosion of attacks. from random ips. I just... started early... make a note, redirect to honeypot... come back later.


I can't ever get my honeypot right. I made a server. Whatever mail u want to send.. sure.. send it. whatever user and password u wanna try. sure... login. i made each line of code. i know my honeypot well. it does imap and pop and smtp but... even when you blindly like give access to someone, they wont do much with it.

like for the longest time I was bothered by access on cyrus imap. the pop3, the imap, the pop3s and imaps. and could figure out what was going on.

so instead of just iptables -j REJECT | DROP I decided to DNAT their ass to a honey pot. where the password would always be accepted. they would always get to send their fucking smtpd mail. and u know what they do? nothing. disconnect and move on. they are simply fishing.

which... bugged the living hell out of me. I'm currently looking for correlations with dns. like... one thing I have going for me... if they want to spam me, they gonna look at dns. and I can change that every hour.

u can't mail me if you dont know my mx. and changing the mx every hour... that ... gives some info. most people would not know the difference. but switching mx every hour and looking into dns logging.


now... you would expect... if I was a hacker I would just use google dns. but they dont. they use their own dns. so prior to every attack, ... there are some dns queries. like one second apart.
Back to top
View user's profile Send private message
erm67
l33t
l33t


Joined: 01 Nov 2005
Posts: 653
Location: EU

PostPosted: Fri Jan 17, 2020 10:46 pm    Post subject: Reply with quote

botnet
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia

My fediverse account: @erm67@erm67.dynu.net
Back to top
View user's profile Send private message
axl
Veteran
Veteran


Joined: 11 Oct 2002
Posts: 1146
Location: Romania

PostPosted: Fri Jan 17, 2020 10:49 pm    Post subject: Reply with quote

I have one user. poor old me.

i hope they dont read that and leave me alone. I would get bored.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Fri Jan 17, 2020 11:52 pm    Post subject: Reply with quote

erm67 wrote:
I require a certificate to log into the IMAP port with dovecot, and use K9 on Android to read my mail, that has also reduced a lot the attempts on the IMAP ports.

I still have to find a good solution for the smtp port, sometimes there's a lot of unwanted traffic there as well.

I do something similar, only exposing IMAP to the LAN and Wireguard. Don't have a good answer to the SMTP thing either, best I can do is greylisting.
Back to top
View user's profile Send private message
axl
Veteran
Veteran


Joined: 11 Oct 2002
Posts: 1146
Location: Romania

PostPosted: Fri Jan 17, 2020 11:55 pm    Post subject: Reply with quote

that's like cyrus port 993. imaps. yeah we all have that.

what do you do about legacy 25 port. :))
Back to top
View user's profile Send private message
axl
Veteran
Veteran


Joined: 11 Oct 2002
Posts: 1146
Location: Romania

PostPosted: Fri Jan 17, 2020 11:56 pm    Post subject: Reply with quote

or who was the last guy checking out the dns logs. seriously.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9846
Location: almost Mile High in the USA

PostPosted: Sat Jan 18, 2020 12:06 am    Post subject: Reply with quote

Yes the idea is to have a box exposed to the full internet, with personal "cloud" services. This is my piece of the cloud. Having everything blocked off of course would stop all "unwanted interest" but then I wouldn't have remote access yet still have full control of my hardware and data.

I would suspect hackers would rather want an ssh interactive account over imap/smtp or http account (most of these accounts nowadays are run as the same "user" and all are virtual accounts these days). I'd think those that attack these services are more for the mail data or identity theft, instead of the ssh interest for an interactive account that they could run arbitrary commands. But yes these are botnets, more likely botnets seeking to expand their botnet. I do wonder how many unique botnets, tough to tell.

Incidentally I do not get a whole bunch of smtp spam open relay searches. They end up getting dropped due to unwanted relay or spamhaus rejects. By far most of my attacks are ssh.

Question is, though one attack is annoying, how many over how long is worrisome?

And the other thing is that I get an eerily large number of ICMP echo requests -- not so much that it's DoS/DDoS, but there are people out there curious to know if my machine is up for whatever reason.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 6176
Location: Dallas area

PostPosted: Sat Jan 18, 2020 12:47 am    Post subject: Reply with quote

eccerr0r wrote:
And the other thing is that I get an eerily large number of ICMP echo requests -- not so much that it's DoS/DDoS, but there are people out there curious to know if my machine is up for whatever reason.


You could always turn off responding to echo requests.
_________________
UM780, 6.1 zen kernel, gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Goto page 1, 2, 3, 4  Next
Page 1 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum