Wednesday, December 1, 2021

Question: I had port 22 open to the world by accident for 3-4 months. How likely is it that I have a hitchhiker in my network now?

Pretty much the title.

The device I use that had the port open is a Bobcat miner that uses a Rockchip PX30. The port was actually forwarded as well. The SSH login is not public knowledge and only known by Bobcat support.

Knowing this, is it possible for someone to SSH into the rest of my network while not knowing the device SSH login?

The reason I ask is because I tried to set up a PowerShell SMTP command and Microsoft straight up told me my IP is blacklisted. Going to https://check.spamhaus.org/, it looks like it's reporting HELO values that a device from my network is trying to reach. Having a hard time tracking down what's causing it.

Sorry if this is a stupid question, I'm not a network guy.

Edit: Spamhaus results

The most recent detection was on: December 1 2021, 23:30:00 UTC (+/- 5 minutes). The observed HELO values were f7t5ntu.giss.fr, k1kj.webacademy.com, pavuqt.adorebrides.co.uk, qwwg.leeandmorgan.com, xi7w.hotelzanzibar.com, jrhv3j.imex.ee, 5byonp5.themessinagroup.net, t5fkt.ericcrosson.com, tlyo8.izmirinvisalign.com, lew2.farmacom.med.br, rrfeq.promind.it, gwo7at.usd396.net.
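
The listing above comes from SMTP sessions leaving the network, so one defensive way to find the device responsible is to list which LAN hosts open outbound TCP/25 connections. This is an added example, not part of the original post; it assumes the router logs forwarded connections in netfilter LOG format and that the LAN is 192.168.1.0/24, and the sample lines and the router name `gw` are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: simplified netfilter LOG lines from a hypothetical home
# router "gw"; destinations are documentation addresses, not real mail servers.
SAMPLE_LOG = """\
Dec  1 23:28:11 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=50112 DPT=443 SYN
Dec  1 23:28:40 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.8 PROTO=TCP SPT=50130 DPT=587 SYN
Dec  1 23:29:02 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=41001 DPT=25 SYN
Dec  1 23:29:03 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.9 PROTO=TCP SPT=41002 DPT=25 SYN
Dec  1 23:29:05 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.44 PROTO=TCP SPT=41003 DPT=25 SYN
Dec  1 23:29:09 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.57 DST=192.0.2.10 PROTO=TCP SPT=41004 DPT=25 SYN
Dec  1 23:29:30 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.30 DST=192.0.2.77 PROTO=TCP SPT=38800 DPT=25 SYN
Dec  1 23:29:41 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113 PROTO=TCP SPT=41005 DPT=25
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def smtp_talkers(log_text, lan="192.168.1.0/24", min_destinations=3):
    """Map each LAN host to the distinct outside servers it contacted on
    TCP/25, keeping hosts with at least min_destinations of them."""
    lan_net = ipaddress.ip_network(lan)
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # 587/465 submission and web traffic are not of interest
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if src in lan_net and dst not in lan_net:
            seen[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for host, servers in smtp_talkers(SAMPLE_LOG).items():
        print(f"{host} opened SMTP sessions to {len(servers)} servers: {servers}")
```

Mail clients normally submit on ports 587 or 465, so a LAN host fanning out to many servers on port 25 is the one to inspect first; lowering `min_destinations` to 1 lists every host that used port 25 at all.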


