mesh-Based IRC chat

中文Subscribe

Search

• Products
  • SoCs
    • All
    • ESP32-S
      • ESP32-S2
      • ESP32-S3
    • ESP32-C
      • ESP32-C2
      • ESP32-C3
      • ESP32-C6
    • ESP32
    • ESP8266
    • ESP SoC & Module Selector
  • Modules
    • All
    • ESP32-S
      • ESP32-S2
      • ESP32-S3
    • ESP32-C
      • ESP32-C2
      • ESP32-C3
      • ESP32-C6
    • ESP32
    • ESP8266
  • DevKits
    • All
    • ESP32-DevKitC
    • ESP-EYE
    • ESP Audio DevKits
    • ESP32-GoogleCloud IoT Kit
    • ESP32-Azure IoT Kit
  • SDKs
    • IoT Development Framework
    • ESP8266_RTOS_SDK
    • ESP HomeKit SDK
    • Audio Development Framework
    • Mesh Development Framework
    • ESP32 for Arduino
    • ESP-AT
  • Equipment
    • Testing Equipment
  • Services
    • Design & Certification Services
    • Manufacturing Services
    • Longevity Commitment
• Solutions
• Support
• Ecosystem
• Company
• Join Us
• Contact Us

• 

  ESP-WIFI-MESH

  Scale Up IoT with Wi-Fi Mesh Network

  More smart devices for a ​better life

• Overview
• Resources

ESP-WIFI-MESH

ESP-WIFI-MESH is a wireless communication network with nodes organized in a mesh topology using the simultaneous AP-STA feature on Espressif SoCs. It provides a self-forming and self-healing network, with ease of deployment. The network topology of ESP-WIFI-MESH can scale up to 1000 nodes in large areas, without requiring any specific Wi-Fi infrastructure support. ESP-WIFI-MESH can also be used to cover Wi-Fi blind spots in home-deployment scenarios where the Wi-Fi signal cannot be reached.

Easy and Secure Setup

We provide ready-to-use, yet customizable, phone apps that facilitate the auto-discovery of new nodes and allow their easy configuration with the Bluetooth LE method. This method ensures that the configuration is pushed securely to the nodes at scale. This enables the ESP-WIFI-MESH administrator to manage node groupings and choose the best routing for any given deployment.

Self-forming and Self-healing

In the auto-routing mode, the ESP-WIFI-MESH network gets formed automatically, according to the signal strength values of peers seen by the nodes. This mode also facilitates the automatic reconnection between different nodes, whenever a parent node goes off. This offers automatic healing and provides fail-safety within the mesh.

No Extra Gateways Required

Typically other mesh networks require additional mesh infrastructure equipment to cover wider areas. ESP-WIFI-MESH does not require any additional equipment to form a network. It also scales well with a low-capacity Wi-Fi access point, since the access point is completely unaware of the existence of ESP-WIFI-MESH nodes.

IP Connectivity

All the nodes in the ESP Mesh network can get IP connectivity and communicate both with each other and the external world. The internet access of these nodes is provided by a root node acting either as a NAT or a bridge.

Secure by Design

ESP-WIFI-MESH is based on standard Wi-Fi connectivity and it can use standard WPA2 network security among the mesh nodes to ensure communication security.

Applications

• Smart Lighting: smart lights, lighting networks
• Smart Home: smart switches, sockets, plugs, etc.
• Automation: big parking lots, small factories, shared offices

Benefits of the ESP-WIFI-MESH

ESP-WIFI-MESH Lighting Solution

Watch the Video

ESP32-MeshKit-Sense

ESP32-MeshKit-Light

ESP-MDF Github

ESP-MDF Develop

2022 ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. All rights reserved.

690 Bibo Road Block 2 Suite 204, Zhangjiang Shanghai, China

SSH BRUTE FORCE ATTACKS HAVE SLOWED

Chris Siebenmann :: CSpace » blog » sysadmin » SSHBruteForceAttacksNoMoreHere

Large scale Internet SSH brute force attacks seem to have stopped here

August 27, 2022

The last time I paid attention to what happened when you exposed an SSH port on the Internet was years and years ago, when I gave up being annoyed by log messages and either stopped paying attention or firewalled of my SSH ports from the general Internet. Back then, it was received wisdom (and my general experience) that having an SSH port open drew a constant stream of SSH brute force attacks against a revolving cast of whatever logins the attackers could come up with.

Recently I set up a Grafana Loki setup that captures our systemd logs. As part of getting some use out of it (beyond questions about how server clocks drift), I built a Grafana dashboard that reports on SSH authentication failures across our Ubuntu fleet (among other things). What I saw surprised me, because what our exposed SSH servers experience today seems to be nothing like it was in the past.

(One caution is that it may be that most attackers no longer direct their attention against universities at all, and now aim their scans at, say, cloud providers, which could be much richer territory for insecure SSH servers.)

For the most part, SSH brute force attacks against us are gone. When they appear in some time period, they come in high volume from single IP addresses (or only a few IP addresses); some of the time these are cloud server IPs. Almost all of the brute force attacks are directed against the 'root' account, and any single round tends to be directed against only a single one of our servers rather than being spread over multiple ones. As mentioned, attacks are bursty; there are periods with no login attempts and then periods where someone apparently fires up a single attacking IP address for an hour or a day.

For some numbers, over the past 7 days we had 24,000 attempts against 'root' and only 749 against the next most popular target, which is a login name ('admin') that doesn't even exist here. Just over 10,000 of those attempts came from a single IP address, and just four IPs made 1,000 or more attempts against anything. Besides root, only five login names had more than 100 attempts (and none of them exist here): 'admin', 'user', 'ubuntu', 'debian', and 'pi'. And only three machines saw more than 1,000 attempts (across all targeted login names).

One of the things I've learned from this is that targeted blocking of only a few IPs is disproportionately effective at stopping brute force SSH attacks here. Also, since we already block Internet logins to 'root', we're in almost no danger. No matter how many times they try, they have literally no chance of success.

(It does make me curious about what sort of passwords they're trying for 'root'. But not curious enough to set up a honeypot SSH server and then try to give it a hostname that's interesting enough to attract attackers.)

Written on 27 August 2022.

« Using systemd timers to run things frequently (some early notes)

Getting USB TEMPer2 temperature sensor readings into Prometheus (on Linux) »

These are my WanderingThoughts

(About the blog)

Full index of entries

Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.

Twitter: @thatcks

Mastodon: @cks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

Also: (Sub)topics

This is a DWiki.

GettingAround

(Help)

Page tools: View Source, Add Comment.

Search:

Atom Syndication: Recent Comments.

Last modified: Sat Aug 27 22:04:12 2022

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.

turn the tables on tracking.

Exert technological know-how into real world AGENCY and make change.

 A new digital age and the evolution from data sheep to data brokers.

 

If you've followed the early entertainment in this subject, you'd understand humanity is now inevitability bound for better or worse to the even advance of Technology.  Our cybernetic devices, if you own phones, tablets, and computers your a cyborg simply an high latency one.  

But today all our devices have turned us into walking data farms, more importantly; money farms.

Is it not time we give up this passive mindset and move forward as true AGENTS (that is exerting our agency into the world).  We can accomplish this with a small change, simply do you research on the devices you use,  learn to professional work with those devices so you can use them proactively or provocatively.  No longer giving them our lives in data form but forcing them to pay to take it or pay us for it.