Re: lug-bg: Question about the message log
- Subject: Re: lug-bg: Question about the message log
- From: Danail Petrow <oneofus@xxxxxxxxxxxxx>
- Date: Sun, 19 Sep 2004 09:05:51 +0300
Vladimir Paskov wrote:
Hello again, a small addition to the logs. The only thing I have
figured out so far is that whoever is trying to do something runs an
nmap and then tries to guess my password.
Sep 12 05:25:29 xpman sshd[13871]: Illegal user test from 218.36.49.208
Sep 12 05:25:29 xpman sshd[13871]: Failed password for illegal user test
from 218.36.49.208 port 50161 ssh2
Sep 12 05:25:32 xpman sshd[13873]: Illegal user guest from 218.36.49.208
Sep 12 05:25:32 xpman sshd[13873]: Failed password for illegal user
guest from 218.36.49.208 port 50279 ssh2
Sep 12 05:25:35 xpman sshd[13875]: Illegal user admin from 218.36.49.208
Sep 12 05:25:35 xpman sshd[13875]: Failed password for illegal user
admin from 218.36.49.208 port 50350 ssh2
On Sun, 2004-09-19 at 01:13 +0300, Vladimir Paskov wrote:
Hello group, a little while ago I was going through the logs on my work
machine, and in
/var/log/messages I came across the following:
Sep 18 23:58:44 xpman sshd[5562]: Invalid user test from 221.0.193.23
Sep 18 23:58:44 xpman sshd[5562]: Failed password for invalid user test
from 221.0.193.23 port 44298 ssh2
Sep 18 23:58:48 xpman sshd[5564]: Invalid user guest from 221.0.193.23
Sep 18 23:58:48 xpman sshd[5564]: Failed password for invalid user guest
from 221.0.193.23 port 44393 ssh2
Sep 18 23:58:52 xpman sshd[5566]: Invalid user admin from 221.0.193.23
Sep 18 23:58:52 xpman sshd[5566]: Failed password for invalid user admin
from 221.0.193.23 port 44472 ssh2
Sep 18 23:58:58 xpman sshd[5568]: Invalid user admin from 221.0.193.23
Sep 18 23:58:58 xpman sshd[5568]: Failed password for invalid user admin
from 221.0.193.23 port 44549 ssh2
Sep 18 23:59:05 xpman sshd[5570]: Invalid user user from 221.0.193.23
Sep 18 23:59:05 xpman sshd[5570]: Failed password for invalid user user
from 221.0.193.23 port 44659 ssh2
Sep 18 23:59:10 xpman sshd[5572]: Failed password for root from
221.0.193.23 port 44784 ssh2
Sep 18 23:59:14 xpman sshd[5574]: Failed password for root from
221.0.193.23 port 44876 ssh2
Sep 18 23:59:19 xpman sshd[5576]: Failed password for root from
221.0.193.23 port 44967 ssh2
Sep 18 23:59:23 xpman sshd[5581]: Invalid user test from 221.0.193.23
Sep 18 23:59:23 xpman sshd[5581]: Failed password for invalid user test
from 221.0.193.23 port 45045 ssh2
I assume someone has been trying to get into my machine, or am I
wrong? Could you tell me what this is about and, possibly, how to
protect myself?
Thanks in advance for the answers.
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
This is a brute-force "exploit" for sshd.
It works on the principle of dictionary-based words, and makes about
09482493 checks per minute :)
So if you have passwords that are dictionary based, and if you have
made the mistake of leaving PermitRootLogin Yes (in sshd_config),
the same thing will happen to you that happened to me with one machine
(whose root password was "password" :))
The remedy for this is very easy: /etc/hosts.deny, or use
netfilter iptables/ipchains.
Best Regards,
Danail Petrow ...
P.S. Excuse me for the Latin transliteration; I only just realized that
I am not writing in Cyrillic, and I am too lazy to rewrite it all
over again :)
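
The detection side of this thread, as an added example that is not part of either original message: it counts failed sshd password attempts per source address in log lines of the kind quoted above, flags bursts, and prints candidate entries for the /etc/hosts.deny remedy named in the reply. The threshold, the time window, the assumed year and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: entries taken from the thread's excerpts, unwrapped to one per line.
SAMPLE = """\
Sep 12 05:25:29 xpman sshd[13871]: Failed password for illegal user test from 218.36.49.208 port 50161 ssh2
Sep 12 05:25:32 xpman sshd[13873]: Failed password for illegal user guest from 218.36.49.208 port 50279 ssh2
Sep 18 23:58:44 xpman sshd[5562]: Invalid user test from 221.0.193.23
Sep 18 23:58:44 xpman sshd[5562]: Failed password for invalid user test from 221.0.193.23 port 44298 ssh2
Sep 18 23:58:48 xpman sshd[5564]: Failed password for invalid user guest from 221.0.193.23 port 44393 ssh2
Sep 18 23:58:52 xpman sshd[5566]: Failed password for invalid user admin from 221.0.193.23 port 44472 ssh2
Sep 18 23:59:10 xpman sshd[5572]: Failed password for root from 221.0.193.23 port 44784 ssh2
Sep 18 23:59:14 xpman sshd[5574]: Failed password for root from 221.0.193.23 port 44876 ssh2
Sep 18 23:59:19 xpman sshd[5576]: Failed password for root from 221.0.193.23 port 44967 ssh2
"""

# Matches "illegal user" and "invalid user" wordings, and failures for real accounts such as root.
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3}) port \d+")

def parse(text, year=2004):
    """Yield (time, user, ip) per failed password; syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["user"], m["ip"]

def brute_force_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Report sources with at least `threshold` failures inside any `window` (assumed values)."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = burst = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            users = [u for _, u in events]
            flagged[ip] = {"attempts": len(events), "users": sorted(set(users)), "root_attempts": users.count("root")}
    return flagged

def hosts_deny_lines(flagged):
    """TCP-wrappers entries for /etc/hosts.deny, one per flagged source."""
    return [f"sshd: {ip}" for ip in sorted(flagged)]
```

Calling `hosts_deny_lines(brute_force_sources(SAMPLE))` returns the entries to review before adding them to /etc/hosts.deny; the two-attempt source stays below the assumed threshold and is not listed.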