A junk diary, or rather a logbook: weblog settings, server configuration notes, and some personal stuff.
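I was working as usual when the console monitor started scrolling bright red.
Reading /var/log/secure, I found someone trying to log in over ssh. Here is an excerpt from the log.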
Jul 24 10:13:21 g4server sshd[9064]: Failed password for illegal user ftp from 61.100.12.43 port 54846 ssh2
Jul 24 10:13:22 g4server sshd[9074]: Illegal user athena from 61.100.12.43
Jul 24 10:13:29 g4server sshd[9074]: Failed password for illegal user athena from 61.100.12.43 port 54859 ssh2
Jul 24 10:13:30 g4server sshd[9080]: Illegal user carlos from 61.100.12.43
Jul 24 10:13:38 g4server sshd[9080]: Failed password for illegal user carlos from 61.100.12.43 port 54875 ssh2
Jul 24 10:13:38 g4server sshd[9086]: Illegal user ronaldo from 61.100.12.43
Jul 24 10:13:46 g4server sshd[9086]: Failed password for illegal user ronaldo from 61.100.12.43 port 54889 ssh2
Jul 24 10:13:47 g4server sshd[9092]: Illegal user beckham from 61.100.12.43
Jul 24 10:13:54 g4server sshd[9092]: Failed password for illegal user beckham from 61.100.12.43 port 54900 ssh2
Jul 24 10:13:55 g4server sshd[9098]: Illegal user silcs from 61.100.12.43
Jul 24 10:14:02 g4server sshd[9098]: Failed password for illegal user silcs from 61.100.12.43 port 54910 ssh2
Jul 24 10:14:03 g4server sshd[9104]: Illegal user britney from 61.100.12.43
Jul 24 10:14:10 g4server sshd[9104]: Failed password for illegal user britney from 61.100.12.43 port 54922 ssh2
Jul 24 10:14:11 g4server sshd[9110]: Illegal user unixowns from 61.100.12.43
Jul 24 10:14:19 g4server sshd[9110]: Failed password for illegal user unixowns from 61.100.12.43 port 54931 ssh2
Jul 24 10:14:19 g4server sshd[9116]: Illegal user solid from 61.100.12.43
Jul 24 10:14:27 g4server sshd[9116]: Failed password for illegal user solid from 61.100.12.43 port 54943 ssh2
Jul 24 10:14:28 g4server sshd[9122]: Illegal user vobtrader from 61.100.12.43
Jul 24 10:14:35 g4server sshd[9122]: Failed password for illegal user vobtrader from 61.100.12.43 port 54954 ssh2
Jul 24 10:14:36 g4server sshd[9128]: Illegal user l33t from 61.100.12.43
Jul 24 10:14:43 g4server sshd[9128]: Failed password for illegal user l33t from 61.100.12.43 port 54972 ssh2
Jul 24 10:14:44 g4server sshd[9134]: Illegal user medusa from 61.100.12.43
Jul 24 10:14:51 g4server sshd[9134]: Failed password for illegal user medusa from 61.100.12.43 port 54985 ssh2
Jul 24 10:14:52 g4server sshd[9140]: Illegal user pyro from 61.100.12.43
Jul 24 10:14:59 g4server sshd[9140]: Failed password for illegal user pyro from 61.100.12.43 port 54997 ssh2
Jul 24 10:15:00 g4server sshd[9146]: Illegal user fire from 61.100.12.43
Jul 24 10:15:08 g4server sshd[9146]: Failed password for illegal user fire from 61.100.12.43 port 55009 ssh2
Jul 24 10:15:08 g4server sshd[9152]: Illegal user fuel from 61.100.12.43
Jul 24 10:15:16 g4server sshd[9152]: Failed password for illegal user fuel from 61.100.12.43 port 55021 ssh2
Jul 24 10:15:17 g4server sshd[9158]: Illegal user orion from 61.100.12.43
Jul 24 10:15:24 g4server sshd[9158]: Failed password for illegal user orion from 61.100.12.43 port 55033 ssh2
Jul 24 10:15:25 g4server sshd[9164]: Illegal user solidus from 61.100.12.43
Jul 24 10:15:32 g4server sshd[9164]: Failed password for illegal user solidus from 61.100.12.43 port 55048 ssh2
Jul 24 10:15:33 g4server sshd[9171]: Illegal user angel from 61.100.12.43
Jul 24 10:15:40 g4server sshd[9171]: Failed password for illegal user angel from 61.100.12.43 port 55065 ssh2
Jul 24 10:15:41 g4server sshd[9177]: Illegal user mercury from 61.100.12.43
Jul 24 10:15:49 g4server sshd[9177]: Failed password for illegal user mercury from 61.100.12.43 port 55084 ssh2
Jul 24 10:15:49 g4server sshd[9183]: Illegal user venus from 61.100.12.43
Jul 24 10:15:57 g4server sshd[9183]: Failed password for illegal user venus from 61.100.12.43 port 55097 ssh2
Jul 24 10:15:58 g4server sshd[9189]: Illegal user earth from 61.100.12.43
Jul 24 10:16:05 g4server sshd[9189]: Failed password for illegal user earth from 61.100.12.43 port 55117 ssh2
Jul 24 10:16:06 g4server sshd[9195]: Illegal user mars from 61.100.12.43
Jul 24 10:16:13 g4server sshd[9195]: Failed password for illegal user mars from 61.100.12.43 port 55138 ssh2
Jul 24 10:16:14 g4server sshd[9201]: Illegal user saturn from 61.100.12.43
Jul 24 10:16:21 g4server sshd[9201]: Failed password for illegal user saturn from 61.100.12.43 port 55162 ssh2
Jul 24 10:16:22 g4server sshd[9207]: Illegal user jupiter from 61.100.12.43
Jul 24 10:16:29 g4server sshd[9207]: Failed password for illegal user jupiter from 61.100.12.43 port 55207 ssh2
Jul 24 10:16:30 g4server sshd[9213]: Illegal user neptune from 61.100.12.43
Jul 24 10:16:38 g4server sshd[9213]: Failed password for illegal user neptune from 61.100.12.43 port 55241 ssh2
Jul 24 10:16:38 g4server sshd[9220]: Illegal user pluto from 61.100.12.43
Jul 24 10:16:46 g4server sshd[9220]: Failed password for illegal user pluto from 61.100.12.43 port 55271 ssh2
Jul 24 10:16:47 g4server sshd[9227]: Illegal user planet from 61.100.12.43
Jul 24 10:16:54 g4server sshd[9227]: Failed password for illegal user planet from 61.100.12.43 port 55297 ssh2
Jul 24 10:16:55 g4server sshd[9233]: Illegal user aenima from 61.100.12.43
Jul 24 10:17:02 g4server sshd[9233]: Failed password for illegal user aenima from 61.100.12.43 port 55314 ssh2
Jul 24 10:17:03 g4server sshd[9239]: Illegal user salival from 61.100.12.43
Jul 24 10:17:10 g4server sshd[9239]: Failed password for illegal user salival from 61.100.12.43 port 55322 ssh2
Jul 24 10:17:11 g4server sshd[9245]: Illegal user ktulu from 61.100.12.43
Jul 24 10:17:19 g4server sshd[9245]: Failed password for illegal user ktulu from 61.100.12.43 port 55334 ssh2
Jul 24 10:17:19 g4server sshd[9251]: Illegal user head from 61.100.12.43
Jul 24 10:17:27 g4server sshd[9251]: Failed password for illegal user head from 61.100.12.43 port 55343 ssh2
Jul 24 10:17:28 g4server sshd[9257]: Illegal user basket from 61.100.12.43
Jul 24 10:17:35 g4server sshd[9257]: Failed password for illegal user basket from 61.100.12.43 port 55356 ssh2
Jul 24 10:17:36 g4server sshd[9263]: Illegal user hawk from 61.100.12.43
Jul 24 10:17:43 g4server sshd[9263]: Failed password for illegal user hawk from 61.100.12.43 port 55466 ssh2
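I don't know, people who try these scripted logins seem to show up on a regular basis. Getting unauthorized access attempts in the middle of work is seriously annoying...
This time there was no harm, so I left it alone. But if I got hit by an attack that needed an urgent response, would I put my work first or the server first? Well, for now, just cutting the power to the router works, lol.
I also need to fix sshd_config so that an IP with several failed logins can't connect for a while.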
Posted by monar: July 26, 2004, 16:22
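A sketch of the detection step behind the "block an IP after several failed logins" idea, as an added example that is not part of the original post: it parses sshd lines in the format of the excerpt above and reports source addresses that exceed a failure threshold inside a sliding time window. The sample log is constructed (documentation addresses from RFC 5737), and the threshold, window and `year` values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the excerpt's format; addresses are RFC 5737 documentation
# ranges, and the two "monar" lines model an ordinary user mistyping a password.
SAMPLE_LOG = """\
Jul 24 10:13:21 g4server sshd[9064]: Failed password for illegal user ftp from 192.0.2.10 port 54846 ssh2
Jul 24 10:13:22 g4server sshd[9074]: Illegal user athena from 192.0.2.10
Jul 24 10:13:29 g4server sshd[9074]: Failed password for illegal user athena from 192.0.2.10 port 54859 ssh2
Jul 24 10:13:38 g4server sshd[9080]: Failed password for illegal user carlos from 192.0.2.10 port 54875 ssh2
Jul 24 10:13:46 g4server sshd[9086]: Failed password for illegal user ronaldo from 192.0.2.10 port 54889 ssh2
Jul 24 10:13:54 g4server sshd[9092]: Failed password for illegal user beckham from 192.0.2.10 port 54900 ssh2
Jul 24 10:20:00 g4server sshd[9300]: Failed password for monar from 198.51.100.7 port 40000 ssh2
Jul 24 10:45:00 g4server sshd[9411]: Failed password for monar from 198.51.100.7 port 40112 ssh2
"""

# Only "Failed password" lines count, so the paired "Illegal user" line is not
# double-counted. Newer OpenSSH writes "invalid user" instead of "illegal user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:illegal user |invalid user )?(\S+) "
    r"from (\d+\.\d+\.\d+\.\d+) port \d+")

def parse_failures(text, year=2004):
    """Yield (timestamp, user, ip); syslog omits the year, so it is supplied."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def offenders(text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: usernames tried} for IPs with >= threshold failures in a window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

The addresses returned by `offenders()` are the candidates for a temporary block; the two slow failures from the second address stay below the threshold and are left alone.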