Attempted attack from Iran
Josef Smidrkal
josef.smidrkal at mensa.cz
Tue Mar 1 23:38:34 CET 2005
Greetings.
A while ago I had a rather interesting "contact attempt" on my server, all the way from
Iran. Could Linux be that popular there too??? :o))) More in the attachments.
PS: I had to interrupt the port knock, I got tired of it. I am also sending the
other "tempters" in access.log.others
RFC, thanks.
Josef 'c0rg1' Šmidrkal
------------- next part ---------------
A non-text attachment was scrubbed...
Name: access.log
Type: text/x-log
Size: 14522 bytes
Desc: [no description available]
URL: <http://www.linux.cz/pipermail/linux/attachments/20050301/64314636/attachment.bin>
------------- next part ---------------
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 80.191.82.0 - 80.191.82.63
netname: KETABNET
descr: Khaneh-e-Ketab
descr: NO 1178 - Enqulab st-Tehran- Iran
country: IR
admin-c: SK9282-RIPE
tech-c: SK9282-RIPE
status: ASSIGNED PA
notify: IranBookHouse na hotmail.com
mnt-by: as12880-mnt
changed: bazargani na mail.dci.co.ir 20021228
source: RIPE
route: 80.191.0.0/16
descr: DCI-Route
origin: AS12880
mnt-by: AS12880-MNT
changed: alipour na mail.dci.co.ir 20041213
source: RIPE
person: Shirzad Karimi
address: Khaneh-e-Ketab
address: NO 1178 - Enqulab st - Tehran- Iran
phone: +98 21 6414898
fax-no: +98 21 6415360
e-mail: shirzadkarimi na yahoo.com
nic-hdl: SK9282-RIPE
notify: IranBookHouse na hotmail.com
changed: alipour na technologist.com 20000723
source: RIPE
------------- next part ---------------
1 gw (192.168.1.1) 0.684 ms 0.413 ms 0.257 ms
2 r2y1.chello.upc.cz (62.245.88.1) 101.890 ms 34.053 ms 5.933 ms
3 1hopsem-v101.dkm.cz (62.24.68.73) 229.315 ms 33.201 ms 19.876 ms
4 cz-prg01a-ra2-ge0-0-0-v20.aorta.net (213.46.172.9) 61.826 ms 82.145 ms 83.162 ms
5 at-vie01a-rd1-pos-1-0-0.aorta.net (213.46.160.53) 70.594 ms 67.061 ms 79.631 ms
6 nl-ams02a-rd1-ge-9-1.aorta.net (213.46.160.245) 112.635 ms 98.250 ms 97.276 ms
7 uk-lon01a-rd2-pos-1-3.aorta.net (213.46.160.85) 39.867 ms 38.289 ms 71.945 ms
8 uk-lon01a-ri2-pos-3-0.aorta.net (213.46.174.78) 117.398 ms 90.640 ms 92.364 ms
9 peer2.ldn1.flagtel.com (195.66.226.146) 89.185 ms 91.889 ms 107.819 ms
10 pos-3-1.0.ecr01.teh001.flagtel.com (62.216.128.170) 215.010 ms 231.211 ms 200.075 ms
11 62.216.144.162 (62.216.144.162) 213.121 ms 214.903 ms 207.015 ms
12 217.218.127.161 (217.218.127.161) 268.130 ms 271.714 ms 262.936 ms
13 217.218.127.140 (217.218.127.140) 275.146 ms 294.422 ms 246.741 ms
14 217.218.146.201 (217.218.146.201) 246.172 ms 243.018 ms 245.734 ms
15 217.218.154.250 (217.218.154.250) 270.661 ms 283.637 ms 260.089 ms
16 217.218.154.253 (217.218.154.253) 203.834 ms 202.964 ms 205.236 ms
17 217.218.155.1 (217.218.155.1) 212.866 ms 207.343 ms 223.317 ms
18 217.218.128.253 (217.218.128.253) 203.715 ms 226.114 ms 205.105 ms
19 217.218.128.1 (217.218.128.1) 215.784 ms 203.237 ms 225.092 ms
20 80.191.82.3 (80.191.82.3) 246.082 ms 260.329 ms 272.189 ms
21 80.191.82.6 (80.191.82.6) 299.137 ms 314.432 ms 309.767 ms
------------- next part ---------------
Feb 28 09:54:17 ninive sshd[11155]: Failed password for root from 211.158.7.250 port 4964 ssh2
Feb 28 09:54:25 ninive sshd[11157]: Failed password for root from 211.158.7.250 port 1043 ssh2
Feb 28 11:06:33 ninive sshd[11182]: Failed password for root from 220.194.58.113 port 59074 ssh2
Feb 28 13:14:32 ninive sshd[11252]: Failed password for root from 69.11.82.80 port 59127 ssh2
Feb 28 13:14:34 ninive sshd[11254]: Failed password for root from 69.11.82.80 port 59160 ssh2
Feb 28 13:14:36 ninive sshd[11256]: Failed password for root from 69.11.82.80 port 59191 ssh2
Feb 28 13:14:37 ninive sshd[11258]: Failed password for root from 69.11.82.80 port 59224 ssh2
Feb 28 13:14:39 ninive sshd[11260]: Failed password for root from 69.11.82.80 port 59258 ssh2
Feb 28 13:14:41 ninive sshd[11262]: Failed password for root from 69.11.82.80 port 59293 ssh2
Feb 28 13:14:42 ninive sshd[11264]: Failed password for root from 69.11.82.80 port 59326 ssh2
Feb 28 13:14:44 ninive sshd[11266]: Failed password for root from 69.11.82.80 port 59359 ssh2
Feb 28 16:54:17 ninive sshd[11343]: Illegal user slapme from 211.101.6.61
Feb 28 16:54:18 ninive sshd[11343]: error: Could not get shadow information for NOUSER
Feb 28 16:54:18 ninive sshd[11343]: Failed password for illegal user slapme from 211.101.6.61 port 52516 ssh2
Feb 28 16:54:22 ninive sshd[11345]: Illegal user oracle from 211.101.6.61
Feb 28 16:54:23 ninive sshd[11345]: error: Could not get shadow information for NOUSER
Feb 28 16:54:23 ninive sshd[11345]: Failed password for illegal user oracle from 211.101.6.61 port 52583 ssh2
Feb 28 16:54:26 ninive sshd[11347]: Illegal user www from 211.101.6.61
Feb 28 16:54:26 ninive sshd[11347]: error: Could not get shadow information for NOUSER
Feb 28 16:54:26 ninive sshd[11347]: Failed password for illegal user www from 211.101.6.61 port 52631 ssh2
Feb 28 16:54:37 ninive sshd[11349]: Did not receive identification string from 211.101.6.61
Mar 1 16:10:00 ninive sshd[11958]: Failed password for root from 62.193.226.4 port 36654 ssh2
Mar 1 16:10:07 ninive sshd[11960]: Failed password for root from 62.193.226.4 port 37070 ssh2
Mar 1 16:10:13 ninive sshd[11962]: Failed password for root from 62.193.226.4 port 37510 ssh2
Mar 1 16:10:20 ninive sshd[11964]: Failed password for root from 62.193.226.4 port 37943 ssh2
Mar 1 16:10:27 ninive sshd[11966]: Failed password for root from 62.193.226.4 port 38420 ssh2
Mar 1 16:10:35 ninive sshd[11968]: Failed password for root from 62.193.226.4 port 38845 ssh2
Mar 1 16:10:42 ninive sshd[11970]: Failed password for root from 62.193.226.4 port 39225 ssh2
Mar 1 16:10:49 ninive sshd[11972]: Failed password for root from 62.193.226.4 port 39613 ssh2
------------- next part ---------------
+-----------------------------------------------------------------------------+
|--=| k n o c k e r -- t h e -- n e t -- p o r t s c a n n e r |=-=[ 0.7.1 ]=-|
+-----------------------------------------------------------------------------+
- started by user josef on Tue Mar 1 22:58:26 2005
- hostname to scan: 80.191.82.6
- resolved host ip: 80.191.82.6
- - scan from port: 1
- - - scan to port: 10000
- - - - scan type: tcp connect
+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - - s c a n n i n g -
-=[ 7/tcp, echo ]=- * OPEN *
-=[ 9/tcp, discard ]=- * OPEN *
-=[ 13/tcp, daytime ]=- * OPEN *
-=[ 17/tcp, qotd ]=- * OPEN *
-=[ 19/tcp, chargen ]=- * OPEN *
-=[ 25/tcp, smtp ]=- * OPEN *
-=[ 42/tcp, nameserver ]=- * OPEN *
-=[ 49/tcp, tacacs ]=- * OPEN *
-=[ 53/tcp, domain ]=- * OPEN *
-=[ 80/tcp, www ]=- * OPEN *
-=[ 113/tcp, auth ]=- * OPEN *
-=[ 119/tcp, nntp ]=- * OPEN *
-=[ 443/tcp, https ]=- * OPEN *
-=[ 563/tcp, nntps ]=- * OPEN *
-=[ 1025/tcp, unknown ]=- * OPEN *
-=[ 1029/tcp, unknown ]=- * OPEN *
-=[ 1032/tcp, unknown ]=- * OPEN *
-=[ 1035/tcp, unknown ]=- * OPEN *
-=[ 1041/tcp, unknown ]=- * OPEN *
-=[ 1050/tcp, unknown ]=- * OPEN *
-=[ 1055/tcp, unknown ]=- * OPEN *
-=[ 3372/tcp, unknown ]=- * OPEN *
-=[ 3389/tcp, unknown ]=- * OPEN *
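Added example, not part of the original post or of any tool it mentions: a small Python parser for the sshd "Failed password" lines in the auth log attachment above. It groups failures by source address and flags sources that produce a burst of failures inside a short window, the pattern visible for 69.11.82.80 and 62.193.226.4. The sample log is constructed in the attachment's format, the year is assumed to be 2005 because syslog lines carry none, and the pattern also accepts the newer "invalid user" wording that replaced "illegal user" in later OpenSSH releases.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the OpenSSH "Failed password" lines as they appear in the auth log above.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?P<illegal>illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$")

# Constructed sample in the same format as the attachment (a subset of its lines).
SAMPLE_LOG = """\
Feb 28 09:54:17 ninive sshd[11155]: Failed password for root from 211.158.7.250 port 4964 ssh2
Feb 28 13:14:32 ninive sshd[11252]: Failed password for root from 69.11.82.80 port 59127 ssh2
Feb 28 13:14:34 ninive sshd[11254]: Failed password for root from 69.11.82.80 port 59160 ssh2
Feb 28 13:14:36 ninive sshd[11256]: Failed password for root from 69.11.82.80 port 59191 ssh2
Feb 28 13:14:37 ninive sshd[11258]: Failed password for root from 69.11.82.80 port 59224 ssh2
Feb 28 16:54:17 ninive sshd[11343]: Illegal user slapme from 211.101.6.61
Feb 28 16:54:18 ninive sshd[11343]: Failed password for illegal user slapme from 211.101.6.61 port 52516 ssh2
Mar  1 16:10:00 ninive sshd[11958]: Failed password for root from 62.193.226.4 port 36654 ssh2
Mar  1 16:10:07 ninive sshd[11960]: Failed password for root from 62.193.226.4 port 37070 ssh2
Mar  1 16:10:13 ninive sshd[11962]: Failed password for root from 62.193.226.4 port 37510 ssh2
Mar  1 16:10:20 ninive sshd[11964]: Failed password for root from 62.193.226.4 port 37943 ssh2
"""

def parse_failures(lines, year=2005):
    """Return (timestamp, ip, user, is_illegal) for every failed-password line."""
    found = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:  # "Illegal user ..." and "error: ..." lines carry no password failure
            continue
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        found.append((ts, m["ip"], m["user"], m["illegal"] is not None))
    return found

def find_bursts(failures, threshold=4, window_s=60):
    """Map ip -> total failures for sources with >= threshold failures in any window_s span."""
    by_ip = defaultdict(list)
    for ts, ip, _, _ in failures:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):  # sliding window over the sorted timestamps
            while (ts - stamps[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged
```

Run it on a real auth log with `find_bursts(parse_failures(open("/var/log/auth.log")))`; the two sources that hammered root four times in a few seconds are flagged, while the single illegal-user attempt is parsed but stays below the threshold.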