On Mon, Jan 19, 2026 at 07:52:34AM -0500, Nick Holland wrote: > On 1/18/26 15:04, Avon Robertson wrote: > > On Sun, Jan 18, 2026 at 03:10:49PM -0000, Stuart Henderson wrote: > > > On 2026-01-18, Avon Robertson <[email protected]> wrote: > > > > Initially, I will use your code to check for attempted logins on my > > > > home router. > > > > > > is authlog not enough for that? > > > > > > > > > -- > > > Please keep replies on the mailing list. > > > > > > > Hello Stuart. > > > > Thank you for your reply. authlog is certainly helpful. > > > > As my router potentially provides an entry point to many machines, > > I don't want to become complacent w.r.t. it's security. > > > > IF you have the system exposed to the outside world, you will see thousands > of failed login attempts per day. That's just normal on the Internet. > > It would probably be much more useful to list all SUCCESSFUL logins and > make sure they can be explained. Otherwise, you are going to be looking > for very tiny needles in a really big haystack. And there's not a whole > lot you can do about the Internet trying to log into your networks. > Simple fact of life. Much better to make sure all the needles are > yours, and ignore the hay. > > Make sure you have only key logins accepted. That way, unless your private > key escapes, you won't have a lot to worry about. And...do you really need > to permit external logins? yes, often that is needed, I get it. > > (some will advocate moving SSH to a different port. That is NOT a security > improvement...but it can significantly reduce the size of your logs, which > may be a good thing. Personally, the failed login attempts are a great > reminder to keep one's guard up: yes, they really are out to get you. :) ) > > Nick. >
Thank you for your relevant and helpful reply Nick. To date I have seen/found nothing to alarm me in the router's logs. The next paragraph is veering off topic but some users maybe unaware that many entities 'phone home'. I am wary of unwanted inbound and *outbound* traffic e.g.: I have PF rules to prevent my network HP printer sending a copy of every file that it prints, to an HP home base destination. -- aer
