Attempted attack from Iran

Josef Smidrkal josef.smidrkal at mensa.cz
Wednesday March 2 07:25:44 CET 2005


Petr Vileta wrote on Wed 02. 03. 2005 at 01:10 +0100:
> Pavel Kankovsky wrote:
> > On Tue, 1 Mar 2005, Josef Smidrkal wrote:
> >
> >> I recently had quite an interesting "contact attempt" on my server,
> >> all the way from Iran. Could Linux be that popular even there??? :o)))
> >> More in the attachments.
> >
> > You shouldn't be surprised that people in Iran take an interest in your
> > computer when you named it "ninive". :)
> >
> > Seriously: this has been a common occurrence for the last few months.
> > The perpetrators come from every possible corner of the planet.
> > Something is spreading around the world (maybe automatically, maybe
> > semi-automatically) that looks for accounts with weak passwords which
> > it could log in to over SSH.
> >
> Yes, it is probably some virus. According to those listings they run
> Windows there, so it may be a virus, and according to whois it is
> apparently some state or public library, so it is almost certainly a
> virus :-)
> Under Windows I ran Advanced Port Scanner against it and it also found
> port 110 open ;-)
> --
> Petr

The Windows machines there surprised me too. The e-mail address under
"Abuse" in the whois record doesn't work, hmm...
But as I gradually read through the logs, besides others
(accessl.log.others) there was also a fairly decent attempt
(access.0.log) from the USA (69-56-187-6.theplanet.com). Or could the
virus have evolved on its way to America? ;o)

Šmidra
------------- next part ---------------
A non-text attachment was scrubbed...
Name: access.0.log
Type: text/x-log
Size: 3090 bytes
Desc: [no description available]
URL: <http://www.linux.cz/pipermail/linux/attachments/20050302/282a2c29/attachment.bin>
------------- next part ---------------
Feb 28 09:54:17 ninive sshd[11155]: Failed password for root from 211.158.7.250 port 4964 ssh2
Feb 28 09:54:25 ninive sshd[11157]: Failed password for root from 211.158.7.250 port 1043 ssh2
Feb 28 11:06:33 ninive sshd[11182]: Failed password for root from 220.194.58.113 port 59074 ssh2
Feb 28 13:14:32 ninive sshd[11252]: Failed password for root from 69.11.82.80 port 59127 ssh2
Feb 28 13:14:34 ninive sshd[11254]: Failed password for root from 69.11.82.80 port 59160 ssh2
Feb 28 13:14:36 ninive sshd[11256]: Failed password for root from 69.11.82.80 port 59191 ssh2
Feb 28 13:14:37 ninive sshd[11258]: Failed password for root from 69.11.82.80 port 59224 ssh2
Feb 28 13:14:39 ninive sshd[11260]: Failed password for root from 69.11.82.80 port 59258 ssh2
Feb 28 13:14:41 ninive sshd[11262]: Failed password for root from 69.11.82.80 port 59293 ssh2
Feb 28 13:14:42 ninive sshd[11264]: Failed password for root from 69.11.82.80 port 59326 ssh2
Feb 28 13:14:44 ninive sshd[11266]: Failed password for root from 69.11.82.80 port 59359 ssh2
Feb 28 16:54:17 ninive sshd[11343]: Illegal user slapme from 211.101.6.61
Feb 28 16:54:18 ninive sshd[11343]: error: Could not get shadow information for NOUSER
Feb 28 16:54:18 ninive sshd[11343]: Failed password for illegal user slapme from 211.101.6.61 port 52516 ssh2
Feb 28 16:54:22 ninive sshd[11345]: Illegal user oracle from 211.101.6.61
Feb 28 16:54:23 ninive sshd[11345]: error: Could not get shadow information for NOUSER
Feb 28 16:54:23 ninive sshd[11345]: Failed password for illegal user oracle from 211.101.6.61 port 52583 ssh2
Feb 28 16:54:26 ninive sshd[11347]: Illegal user www from 211.101.6.61
Feb 28 16:54:26 ninive sshd[11347]: error: Could not get shadow information for NOUSER
Feb 28 16:54:26 ninive sshd[11347]: Failed password for illegal user www from 211.101.6.61 port 52631 ssh2
Feb 28 16:54:37 ninive sshd[11349]: Did not receive identification string from 211.101.6.61
Mar  1 16:10:00 ninive sshd[11958]: Failed password for root from 62.193.226.4 port 36654 ssh2
Mar  1 16:10:07 ninive sshd[11960]: Failed password for root from 62.193.226.4 port 37070 ssh2
Mar  1 16:10:13 ninive sshd[11962]: Failed password for root from 62.193.226.4 port 37510 ssh2
Mar  1 16:10:20 ninive sshd[11964]: Failed password for root from 62.193.226.4 port 37943 ssh2
Mar  1 16:10:27 ninive sshd[11966]: Failed password for root from 62.193.226.4 port 38420 ssh2
Mar  1 16:10:35 ninive sshd[11968]: Failed password for root from 62.193.226.4 port 38845 ssh2
Mar  1 16:10:42 ninive sshd[11970]: Failed password for root from 62.193.226.4 port 39225 ssh2
Mar  1 16:10:49 ninive sshd[11972]: Failed password for root from 62.193.226.4 port 39613 ssh2
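
Added example, not part of the original message or the attachment: a small Python triage of the sshd lines above that separates sources hammering an existing account from sources guessing account names. The function names, the labels, the `burst`/`window` thresholds and the year 2005 (taken from the message date) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A subset of lines copied from the access.0.log attachment above.
SAMPLE = """\
Feb 28 09:54:17 ninive sshd[11155]: Failed password for root from 211.158.7.250 port 4964 ssh2
Feb 28 09:54:25 ninive sshd[11157]: Failed password for root from 211.158.7.250 port 1043 ssh2
Feb 28 13:14:32 ninive sshd[11252]: Failed password for root from 69.11.82.80 port 59127 ssh2
Feb 28 13:14:34 ninive sshd[11254]: Failed password for root from 69.11.82.80 port 59160 ssh2
Feb 28 13:14:36 ninive sshd[11256]: Failed password for root from 69.11.82.80 port 59191 ssh2
Feb 28 16:54:17 ninive sshd[11343]: Illegal user slapme from 211.101.6.61
Feb 28 16:54:18 ninive sshd[11343]: Failed password for illegal user slapme from 211.101.6.61 port 52516 ssh2
Feb 28 16:54:23 ninive sshd[11345]: Failed password for illegal user oracle from 211.101.6.61 port 52583 ssh2
Feb 28 16:54:26 ninive sshd[11347]: Failed password for illegal user www from 211.101.6.61 port 52631 ssh2
Mar  1 16:10:00 ninive sshd[11958]: Failed password for root from 62.193.226.4 port 36654 ssh2
"""

# "illegal user" is how the sshd in this log marks a non-existent account.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(illegal user )?(\S+) from (\S+) port \d+")

def parse(text, year=2005):
    """Yield (time, source, user, account_exists); syslog stamps lack a year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield when, m.group(4), m.group(3), m.group(2) is None

def classify(text, burst=3, window=timedelta(seconds=60)):
    """Map source -> (label, failures, sorted users tried).
    burst/window are illustrative thresholds, not values from the thread."""
    by_src = defaultdict(list)
    for when, src, user, exists in parse(text):
        by_src[src].append((when, user, exists))
    report = {}
    for src, events in by_src.items():
        times = sorted(e[0] for e in events)
        # Sliding window: any `burst` consecutive failures inside `window`.
        dense = any(times[i + burst - 1] - times[i] <= window
                    for i in range(len(times) - burst + 1))
        guessed_names = any(not e[2] for e in events)
        label = ("username-guessing" if guessed_names
                 else "password-burst" if dense else "sporadic")
        report[src] = (label, len(events), sorted({e[1] for e in events}))
    return report
```

Calling `classify(SAMPLE)` returns one entry per source address; on a live host the same function can be fed the full auth log text.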

