Thread: Brute-force scanning on port 22

  1. #1
    Standard RSP member skkip3r's Avatar

    Brute-force scanning on port 22

    I have port forwarding to port 22 of the CCcam server (Ubuntu).
    About 3 days ago I found scans in PSAD from an IP which, after I checked it with WHOIS, showed up as being from Venezuela (an IP that appears in public hack lists). For about 2 days now the scumbag has been continuously brute-forcing and logging in from files with predefined users and passwords on port 22. To begin with I did some filtering with iptables on the respective IPs (drop), but the method is useless because he scans from several IPs, and when I say many I mean about 8 - 9 IPs every day, and you can see the intensity in the log fragment below (3 - 4 seconds).
    To give you an idea of what I'm talking about, I'm posting a sequence from /var/log/auth.log

    Jun 23 19:17:12 skkip3r-desktop sshd[11767]: Failed password for invalid user sales from 190.169.253.16 port 36769 ssh2
    Jun 23 19:17:15 skkip3r-desktop sshd[11771]: Invalid user recruit from 190.169.253.16
    Jun 23 19:17:15 skkip3r-desktop sshd[11771]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:15 skkip3r-desktop sshd[11771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:17 skkip3r-desktop sshd[11771]: Failed password for invalid user recruit from 190.169.253.16 port 38123 ssh2
    Jun 23 19:17:19 skkip3r-desktop sshd[11775]: Invalid user alias from 190.169.253.16
    Jun 23 19:17:19 skkip3r-desktop sshd[11775]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:19 skkip3r-desktop sshd[11775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:21 skkip3r-desktop sshd[11775]: Failed password for invalid user alias from 190.169.253.16 port 39518 ssh2
    Jun 23 19:17:26 skkip3r-desktop sshd[11779]: Invalid user office from 190.169.253.16
    Jun 23 19:17:26 skkip3r-desktop sshd[11779]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:26 skkip3r-desktop sshd[11779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:28 skkip3r-desktop sshd[11779]: Failed password for invalid user office from 190.169.253.16 port 40889 ssh2
    Jun 23 19:17:30 skkip3r-desktop sshd[11783]: Invalid user samba from 190.169.253.16
    Jun 23 19:17:30 skkip3r-desktop sshd[11783]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:30 skkip3r-desktop sshd[11783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:32 skkip3r-desktop sshd[11783]: Failed password for invalid user samba from 190.169.253.16 port 43161 ssh2
    Jun 23 19:17:35 skkip3r-desktop sshd[11787]: Invalid user tomcat from 190.169.253.16
    Jun 23 19:17:35 skkip3r-desktop sshd[11787]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:35 skkip3r-desktop sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:37 skkip3r-desktop sshd[11787]: Failed password for invalid user tomcat from 190.169.253.16 port 44526 ssh2
    Jun 23 19:17:39 skkip3r-desktop sshd[11791]: Invalid user webadmin from 190.169.253.16
    Jun 23 19:17:39 skkip3r-desktop sshd[11791]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:39 skkip3r-desktop sshd[11791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:41 skkip3r-desktop sshd[11791]: Failed password for invalid user webadmin from 190.169.253.16 port 45928 ssh2
    Jun 23 19:17:43 skkip3r-desktop sshd[11795]: Invalid user spam from 190.169.253.16
    Jun 23 19:17:43 skkip3r-desktop sshd[11795]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:43 skkip3r-desktop sshd[11795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve
    Jun 23 19:17:45 skkip3r-desktop sshd[11795]: Failed password for invalid user spam from 190.169.253.16 port 47275 ssh2
    Jun 23 19:17:47 skkip3r-desktop sshd[11799]: Invalid user virus from 190.169.253.16
    Jun 23 19:17:47 skkip3r-desktop sshd[11799]: pam_unix(sshd:auth): check pass; user unknown
    Jun 23 19:17:47 skkip3r-desktop sshd[11799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=grid-ccpd05.ucv.ve


    If you have any suggestion, those of you who know about this, please post.
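
An added example, not part of the original post: one way to summarise an auth.log excerpt like the one above by source address, so the number of sources, the usernames tried and the attempt rate are visible at a glance. The sample lines, the addresses in them and the thresholds are constructed for illustration, and the year is an assumption because syslog timestamps do not carry one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the sshd log format shown above (documentation addresses).
SAMPLE_LOG = """\
Jun 23 19:17:12 host sshd[101]: Failed password for invalid user sales from 192.0.2.16 port 36769 ssh2
Jun 23 19:17:17 host sshd[102]: Failed password for invalid user recruit from 192.0.2.16 port 38123 ssh2
Jun 23 19:17:21 host sshd[103]: Failed password for invalid user alias from 192.0.2.16 port 39518 ssh2
Jun 23 19:17:28 host sshd[104]: Failed password for invalid user office from 192.0.2.16 port 40889 ssh2
Jun 23 19:20:02 host sshd[105]: Failed password for root from 198.51.100.7 port 50112 ssh2
Jun 23 19:21:40 host sshd[106]: Accepted password for admin from 203.0.113.5 port 51000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def summarize(log_text, year=2024):
    """Group failed sshd logins by source IP: count, usernames, timestamps."""
    per_ip = defaultdict(lambda: {"count": 0, "users": set(), "times": []})
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue
        # syslog timestamps omit the year, so the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = per_ip[m["ip"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["times"].append(ts)
    return per_ip

def flag_bruteforce(per_ip, min_failures=3, window_seconds=60):
    """Return IPs with >= min_failures failures inside any window_seconds span."""
    flagged = []
    for ip, e in per_ip.items():
        times = sorted(e["times"])
        for i in range(len(times) - min_failures + 1):
            if (times[i + min_failures - 1] - times[i]).total_seconds() <= window_seconds:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in flag_bruteforce(stats):
        print(ip, stats[ip]["count"], sorted(stats[ip]["users"]))
```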

  2. #2
    Administrator

    Re: Brute-force scanning on port 22

    block the ssh port

  3. #3
    Standard RSP member skkip3r's Avatar

    Re: Brute-force scanning on port 22

    I need the SSH port

  4. #4
    Standard RSP member eagle's Avatar

    Re: Brute-force scanning on port 22

    How to block DDoS attacks in Linux with psad

    http://www.osn.ro/?p=600

  5. #5
    Standard RSP member

    Re: Brute-force scanning on port 22

    Put in /etc/hosts.deny ... deny all
    And in /etc/hosts.allow ... accept only the IPs/ranges you connect from.

    I did it this way and I have no problems.
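
An added example, not part of the original reply: a small model of how TCP wrappers evaluates the two files (hosts.allow first, then hosts.deny, and access is granted when neither matches), which is why "deny all" plus a short allowlist shuts out every source the scans come from. The file contents and the allowed addresses are constructed placeholders, and only a subset of the hosts_access(5) pattern syntax is modelled (IPv4 only).

```python
import ipaddress

# Constructed example files; the allowed addresses are placeholders
# from documentation ranges, not values from the thread.
HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: 203.0.113.5, 198.51.100.0/255.255.255.0
"""
HOSTS_DENY = """\
# /etc/hosts.deny
sshd: ALL
"""

def parse_rules(text):
    """Yield (daemons, clients) lists from 'daemon_list : client_list' lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def client_matches(pattern, ip):
    """Subset of patterns: ALL, exact IP, 'a.b.c.' prefix, net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def listed(text, daemon, ip):
    """True if any rule in the file names this daemon and matches this client."""
    return any((daemon in d or "ALL" in d) and any(client_matches(p, ip) for p in c)
               for d, c in parse_rules(text))

def access_granted(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if listed(allow, daemon, ip):
        return True
    return not listed(deny, daemon, ip)

if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.77", "190.169.253.16"):
        print(ip, access_granted("sshd", ip))
```

sshd consults these files only when it is built with TCP wrappers (libwrap) support, which upstream OpenSSH removed in release 6.7; on a build without it the same allowlist has to be enforced in the firewall or in sshd_config.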

  6. #6
    Standard RSP member skkip3r's Avatar

    Re: Brute-force scanning on port 22

    Solved with hosts.deny and allow, but I'm still persisting with the psad configuration

    Thank you

  7. #7
    Member Beginner

    Re: Brute-force scanning on port 22

    It's a fairly frequent brute force attack .. lately.. you block it with hosts.deny
