Linux-Bulgaria.ORG
навигация

 

начало

пощенски списък

архив на групата

семинари ...

документи

как да ...

 

 

Предишно писмо Следващо писмо Предишно по тема Следващо по тема По Дата По тема (thread)

Re: lug-bg: Питане отностно message log


  • Subject: Re: lug-bg: Питане отностно message log
  • From: Danail Petrow <oneofus@xxxxxxxxxxxxx>
  • Date: Sun, 19 Sep 2004 09:05:51 +0300

Vladimir Paskov wrote:

Здравеите пак, значи малка добавка към логовете,единственото което
схванах досега бе че този които се опитва да направи нещо пуска един
nmap и след това се опитва да ми налучка паролата.

Sep 12 05:25:29 xpman sshd[13871]: Illegal user test from 218.36.49.208
Sep 12 05:25:29 xpman sshd[13871]: Failed password for illegal user test
from 218.36.49.208 port 50161 ssh2
Sep 12 05:25:32 xpman sshd[13873]: Illegal user guest from 218.36.49.208
Sep 12 05:25:32 xpman sshd[13873]: Failed password for illegal user
guest from 218.36.49.208 port 50279 ssh2
Sep 12 05:25:35 xpman sshd[13875]: Illegal user admin from 218.36.49.208
Sep 12 05:25:35 xpman sshd[13875]: Failed password for illegal user
admin from 218.36.49.208 port 50350 ssh2

On Sun, 2004-09-19 at 01:13 +0300, Vladimir Paskov wrote:
Здравеите група, допредималко правих обиколка из логовете на работната
ми машина и в /var/log/messages се натъкнах на следното:

Sep 18 23:58:44 xpman sshd[5562]: Invalid user test from 221.0.193.23
Sep 18 23:58:44 xpman sshd[5562]: Failed password for invalid user test
from 221.0.193.23 port 44298 ssh2
Sep 18 23:58:48 xpman sshd[5564]: Invalid user guest from 221.0.193.23
Sep 18 23:58:48 xpman sshd[5564]: Failed password for invalid user guest
from 221.0.193.23 port 44393 ssh2
Sep 18 23:58:52 xpman sshd[5566]: Invalid user admin from 221.0.193.23
Sep 18 23:58:52 xpman sshd[5566]: Failed password for invalid user admin
from 221.0.193.23 port 44472 ssh2
Sep 18 23:58:58 xpman sshd[5568]: Invalid user admin from 221.0.193.23
Sep 18 23:58:58 xpman sshd[5568]: Failed password for invalid user admin
from 221.0.193.23 port 44549 ssh2
Sep 18 23:59:05 xpman sshd[5570]: Invalid user user from 221.0.193.23
Sep 18 23:59:05 xpman sshd[5570]: Failed password for invalid user user
from 221.0.193.23 port 44659 ssh2
Sep 18 23:59:10 xpman sshd[5572]: Failed password for root from
221.0.193.23 port 44784 ssh2
Sep 18 23:59:14 xpman sshd[5574]: Failed password for root from
221.0.193.23 port 44876 ssh2
Sep 18 23:59:19 xpman sshd[5576]: Failed password for root from
221.0.193.23 port 44967 ssh2
Sep 18 23:59:23 xpman sshd[5581]: Invalid user test from 221.0.193.23
Sep 18 23:59:23 xpman sshd[5581]: Failed password for invalid user test
from 221.0.193.23 port 45045 ssh2

Предполагам, че някои е правил опити да влезе в машината ми,или несъм
прав? Бихтели ми казали за какво иде на въпрос и евентуално как да се
опазя.

Благодаря предварително за отговорите.

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
towa e brutforce "exploit" za sshd ,
raboti na principa na dictionary based words , i prawi okolo 09482493 checka za edna minuta :) taka che ako imate paroli koito sa dictionary based , i ako ste dopusnali greshkata da ostawite PermitRootLogin Yes (v sshd_config) , shte vi se sluchi towa koeto se sluchi na men s edna mashina (chiato root parola beshe "password" :))

spasenieto za towa e mnogo lesno , /etc/hosts.deny , ili polzwai netfilter iptables/ipchains

Best Regards,
Danail Petrow ...


P.s. izvinete me za shliokavicata , chak sega se usetih che ne pisha na kirilica , a me murzi da go prepiswam na-nowo :)

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================



 

наши приятели

 

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

 

 

Linux-Bulgaria.ORG

Mailing list messages are © Copyright their authors.