Here come the nigg^W^W^W worms


sshd[29529]: Failed password for root from 190.85.48.2 port 47577 ssh2
sshd[30006]: Failed password for invalid user backup from 190.85.48.2 port 59664 ssh2
sshd[30012]: Failed password for invalid user admin from 190.85.48.2 port 60142 ssh2
sshd[30019]: Failed password for invalid user mysql from 190.85.48.2 port 60598 ssh2
sshd[30114]: Failed password for invalid user ts from 190.85.48.2 port 35155 ssh2
sshd[30112]: Failed password for invalid user svn from 190.85.48.2 port 34183 ssh2
sshd[30110]: Failed password for invalid user temp from 190.85.48.2 port 33249 ssh2
sshd[30108]: Failed password for invalid user squid from 190.85.48.2 port 60556 ssh2
sshd[30095]: Failed password for invalid user user from 190.85.48.2 port 57057 ssh2
sshd[30101]: Failed password for invalid user jboss from 190.85.48.2 port 57927 ssh2
sshd[30083]: Failed password for invalid user test from 190.85.48.2 port 51035 ssh2
sshd[30068]: Failed password for invalid user guest from 190.85.48.2 port 43821 ssh2
sshd[30061]: Failed password for invalid user ftpuser from 190.85.48.2 port 42870 ssh2
sshd[30053]: Failed password for invalid user oracle from 190.85.48.2 port 38396 ssh2
sshd[30041]: Failed password for invalid user nagios from 190.85.48.2 port 33535 ssh2

The moron hasn't gotten bored of it for days :D


Starting Nmap 5.50 ( http://nmap.org ) at 2011-07-12 19:00 CEST
NSE: Loaded 57 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 19:00
Completed NSE at 19:00, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating Parallel DNS resolution of 1 host. at 19:00
Completed Parallel DNS resolution of 1 host. at 19:00, 0.68s elapsed
Initiating SYN Stealth Scan at 19:00
Scanning 190.85.48.2 [1000 ports]
Discovered open port 139/tcp on 190.85.48.2
Discovered open port 80/tcp on 190.85.48.2
Discovered open port 22/tcp on 190.85.48.2
Discovered open port 111/tcp on 190.85.48.2
Discovered open port 445/tcp on 190.85.48.2
Increasing send delay for 190.85.48.2 from 0 to 5 due to 36 out of 119 dropped probes since last increase.
Discovered open port 3128/tcp on 190.85.48.2
Completed SYN Stealth Scan at 19:00, 35.20s elapsed (1000 total ports)
Initiating Service scan at 19:00
Scanning 6 services on 190.85.48.2
Completed Service scan at 19:01, 11.85s elapsed (6 services on 1 host)
Initiating RPCGrind Scan against 190.85.48.2 at 19:01
Completed RPCGrind Scan against 190.85.48.2 at 19:01, 0.56s elapsed (1 port)
Initiating OS detection (try #1) against 190.85.48.2
Retrying OS detection (try #2) against 190.85.48.2
Initiating Traceroute at 19:01
Completed Traceroute at 19:01, 3.20s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 19:01
Completed Parallel DNS resolution of 16 hosts. at 19:01, 13.00s elapsed
NSE: Script scanning 190.85.48.2.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 19:01
Completed NSE at 19:01, 3.74s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for 190.85.48.2
Host is up (0.27s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 5.5p1 Debian 6 (protocol 2.0)
| ssh-hostkey: 1024 67:5a:23:ce:2b:d2:a5:ea:57:79:cb:cb:8b:44:df:6b (DSA)
|_2048 c4:1f:be:55:9f:30:82:b5:1f:84:8f:36:12:f4:c8:48 (RSA)
80/tcp   open  http        Apache httpd 2.2.16 ((Debian))
|_http-methods: GET HEAD POST OPTIONS
|_http-title: Index of /
111/tcp  open  rpcbind     2 (rpc #100000)
139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: CYBERTEL)
445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: CYBERTEL)
3128/tcp open  http-proxy  Squid webproxy 3.1.6
Device type: general purpose|terminal|WAP|firewall|storage-misc|broadband router
Running (JUST GUESSING): Linux 2.6.X|2.4.X (94%), IGEL Linux 2.6.X (93%), Check Point embedded (89%), Netgear RAIDiator 4.X (89%), AVM embedded (88%), Axcient embedded (88%), Excito Linux 2.6.X (88%), Actiontec embedded (88%)
Aggressive OS guesses: Linux 2.6.32 (94%), IGEL UD3 thin client (Linux 2.6) (93%), DD-WRT v23 (Linux 2.4.34) (91%), Linux 2.6.15 - 2.6.26 (91%), Linux 2.6.15 (Ubuntu) (90%), Linux 2.6.18 (90%), Linux 2.6.31 (90%), Check Point UTM-1 Edge X firewall (89%), Linux 2.6.23 (89%), Vyatta router (Linux 2.6.26) (89%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 5.004 days (since Thu Jul  7 18:55:34 2011)
Network Distance: 20 hops
TCP Sequence Prediction: Difficulty=194 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux

Comments

It just occurred to me: what would happen if you set things up so that people coming from IP addresses like this get port-forwarded back onto themselves?

Would they hack themselves sooner or later?

--
|8]


[root@linux ~]# nmap -sT 190.85.48.2

Starting Nmap 5.51 ( http://nmap.org ) at 2011-07-12 20:16 CEST
Nmap scan report for 190.85.48.2
Host is up (0.22s latency).
Not shown: 991 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  open     rpcbind
139/tcp  open     netbios-ssn
445/tcp  open     microsoft-ds
646/tcp  filtered ldp
711/tcp  filtered cisco-tdp
3128/tcp open     squid-http

Nmap done: 1 IP address (1 host up) scanned in 411.66 seconds

If you have the patience to play with this: kippo, and you'll see what it would get up to once it got in :)

This is why I have the iptables recent module. If more than 3 attempts per minute arrive on ssh, it DROPs the IP in question until it stops trying (the update option).
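As an added example (not the commenter's or the post author's code), the script below parses sshd "Failed password" lines in the format of the post's log and replays them through a model of the recent-module rule the last comment describes (more than 3 new connections per minute from one source get dropped, and the block persists while the attempts keep coming). The log lines, the host name, the year and the second source IP are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not the post's own excerpt): same sshd "Failed password"
# format, with the syslog timestamp prefix the post had stripped; year is assumed.
SAMPLE_LOG = """\
Jul 12 18:59:01 host sshd[29529]: Failed password for root from 190.85.48.2 port 47577 ssh2
Jul 12 18:59:10 host sshd[30006]: Failed password for invalid user backup from 190.85.48.2 port 59664 ssh2
Jul 12 18:59:20 host sshd[30012]: Failed password for invalid user admin from 190.85.48.2 port 60142 ssh2
Jul 12 18:59:30 host sshd[30019]: Failed password for invalid user mysql from 190.85.48.2 port 60598 ssh2
Jul 12 18:59:50 host sshd[30025]: Failed password for invalid user ts from 190.85.48.2 port 35155 ssh2
Jul 12 19:00:25 host sshd[30031]: Failed password for invalid user svn from 190.85.48.2 port 34183 ssh2
Jul 12 19:05:00 host sshd[30200]: Failed password for invalid user test from 203.0.113.7 port 40001 ssh2
Jul 12 19:07:00 host sshd[30300]: Failed password for root from 190.85.48.2 port 35156 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?P<inv>invalid user) )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$")

def parse(log, year=2011):
    """Yield (timestamp, ip, user, is_invalid_user) for each failed-login line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], m["inv"] is not None

def simulate_recent(attempts, seconds=60, hitcount=4):
    """Model of the comment's rule pair on new SSH connections:
         -m recent --name SSH --set
         -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
    Each connection stamps its source (--set) and is dropped once the source
    has >= hitcount stamps inside the last `seconds`. Dropped packets are
    stamped too, so a source that keeps hammering stays blocked until it pauses.
    Returns {ip: {"seen": n, "dropped": n, "users": [tried usernames]}}."""
    stamps = defaultdict(list)
    report = defaultdict(lambda: {"seen": 0, "dropped": 0, "users": []})
    window = timedelta(seconds=seconds)
    for ts, ip, user, _invalid in attempts:
        stamps[ip].append(ts)                                   # --set
        in_window = [t for t in stamps[ip] if ts - t < window]
        r = report[ip]
        r["seen"] += 1
        if user not in r["users"]:
            r["users"].append(user)
        if len(in_window) >= hitcount:                          # --update ... -j DROP
            r["dropped"] += 1
    return dict(report)
```

In the sample the 4th and 5th attempts from 190.85.48.2 fall inside one minute and are dropped; the 6th arrives after enough of the earlier stamps have aged out and passes again, which is exactly the "until it stops trying" behaviour.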