RH 6.2 broken into

Jirka Nováček jnovacek at volny.cz
Wednesday January 2 06:57:03 CET 2002


Good day. During the New Year celebrations someone broke into my server. It is
RedHat 6.2 CZ (I honestly installed the updates week after week)
(ssh-1.2.27-7i, kernel-2.2.19-6.2.12, glibc-2.1.3-23, etc.). In the log
I found the messages listed below. I can't make much sense of them. Can someone
tell me how the person in question managed it?


Dec 30 12:20:24 linux sshd[24988]: connect from 213.168.207.78
Dec 30 12:20:24 linux sshd[24988]: log: Connection from 213.168.207.78 port 1941
Dec 30 12:20:32 linux sshd[24989]: connect from 213.168.207.78
Dec 30 12:20:32 linux sshd[24989]: log: Connection from 213.168.207.78 port 1942
Dec 30 12:20:39 linux sshd[24990]: connect from 213.168.207.78
.
- This goes on like this for a while longer
.
Dec 30 12:24:33 linux sshd[25022]: log: Connection from 213.168.207.78 port 1975
Dec 30 12:24:41 linux sshd[25022]: fatal: Local: crc32 compensation attack: network attack detected
.
.
.
Dec 30 13:01:02 linux sshd[25254]: log: Connection from 212.171.56.166 port 3787
Dec 30 13:01:02 linux sshd[25254]: log: Could not reverse map address 212.171.56.166.
Dec 30 13:01:05 linux sshd[25254]: log: Unknown group id 516
Dec 30 13:01:05 linux PAM_pwdb[25254]: authentication failure; (uid=0) -> dkk for ssh service
Dec 30 13:02:09 linux PAM_pwdb[25254]: (ssh) session opened for user dkk by (uid=0)
Dec 30 13:02:09 linux sshd[25254]: log: Password authentication for dkk accepted.
Dec 30 13:02:09 linux sshd[25254]: log: ROOT LOGIN as 'dkk' from 212.171.56.166
Dec 30 13:05:22 linux ftpd[25312]: FTP LOGIN REFUSED (username in denied-uid) FROM 212.171.56.166 [212.171.56.166], dkk
Dec 30 13:05:34 linux ftpd[25312]: FTP session closed
Dec 30 13:06:05 linux PAM_pwdb[25316]: password for (sembol/542) changed by (dkk/0)
Dec 30 13:06:17 linux ftpd[25317]: FTP LOGIN FROM 212.171.56.166 [212.171.56.166], sembol
Dec 30 13:10:15 linux ftpd[25317]: FTP session closed
Dec 30 13:15:24 linux sshd[25363]: connect from 212.171.56.166
Dec 30 13:15:24 linux sshd[25363]: log: Connection from 212.171.56.166 port 3803
Dec 30 13:15:24 linux sshd[25363]: log: Could not reverse map address 212.171.56.166.
Dec 30 13:15:40 linux sshd[25363]: fatal: Did not receive ident string.
Dec 30 13:16:06 linux ftpd[25367]: FTP session closed
Dec 30 13:36:43 linux sshd[698]: log: Generating new 768 bit RSA key.
Dec 30 13:36:45 linux sshd[698]: log: RSA key generation complete.
Dec 30 13:39:10 linux kernel: Kernel logging (proc) stopped.
Dec 30 13:39:10 linux kernel: Kernel log daemon terminating.
pro 30 13:39:11 linux syslog: klogd shutdown succeeded
Dec 30 13:39:11 linux exiting on signal 15
Dec 30 13:39:12 linux syslogd 1.3-3: restart.
pro 30 13:39:12 linux syslog: klogd startup succeeded
pro 30 13:39:12 linux syslog: syslogd startup succeeded
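
A log-triage sketch for the event types visible in the excerpt above, added here as an example and not part of the original post: it flags the sshd crc32 detector message, a "ROOT LOGIN" under a name other than root, a password change made by a uid-0 account, a syslogd restart, and repeated sshd connections from one address. The rule labels and the burst threshold of 3 are assumptions; the sample lines are taken from the post with the mail-wrapped lines rejoined.

```python
import re
from collections import Counter

# Lines taken from the post above, with the mail-wrapped lines rejoined.
SAMPLE = """\
Dec 30 12:20:24 linux sshd[24988]: log: Connection from 213.168.207.78 port 1941
Dec 30 12:20:32 linux sshd[24989]: log: Connection from 213.168.207.78 port 1942
Dec 30 12:24:33 linux sshd[25022]: log: Connection from 213.168.207.78 port 1975
Dec 30 12:24:41 linux sshd[25022]: fatal: Local: crc32 compensation attack: network attack detected
Dec 30 13:01:02 linux sshd[25254]: log: Connection from 212.171.56.166 port 3787
Dec 30 13:02:09 linux sshd[25254]: log: ROOT LOGIN as 'dkk' from 212.171.56.166
Dec 30 13:06:05 linux PAM_pwdb[25316]: password for (sembol/542) changed by (dkk/0)
Dec 30 13:39:12 linux syslogd 1.3-3: restart.
"""

# timestamp, host, rest of the syslog line
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
RULES = [  # (label, regex applied to the message part); labels are assumptions
    ("crc32-detector", re.compile(r"sshd\[\d+\]: fatal: .*crc32 compensation attack")),
    ("uid0-alias-login", re.compile(r"sshd\[\d+\]: log: ROOT LOGIN as '(?!root')([^']+)' from (\S+)")),
    ("passwd-changed-by-uid0", re.compile(r"PAM_pwdb\[\d+\]: password for \((\w+)/\d+\) changed by \((\w+)/0\)")),
    ("syslogd-restart", re.compile(r"syslogd [\d.-]+: restart")),
]
CONNECT = re.compile(r"sshd\[\d+\]: log: Connection from (\S+) port \d+")

def triage(text, burst=3):
    """Return (timestamp, label, details) findings in log order, bursts last."""
    findings, per_ip = [], Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip elision markers and anything that is not a syslog line
        stamp, _host, msg = m.groups()
        c = CONNECT.search(msg)
        if c:
            per_ip[c.group(1)] += 1
        for label, rx in RULES:
            hit = rx.search(msg)
            if hit:
                findings.append((stamp, label, hit.groups()))
    for ip, n in per_ip.items():
        if n >= burst:  # many sshd connections from a single address
            findings.append(("-", "sshd-connect-burst", (ip, n)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```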