

    

Blue Forest http://www.lslnet.com at 3:18 p.m. on August 18, 2006


Linux security problems connected to external networks


I have a PC with Red Hat 9 installed as a server, connected to external networks. After it had been in use for a while, I looked at the five security log files in /var/log (secure, secure.1, secure.2, secure.3, secure.4) and found a lot of interesting things.

1. Many Koreans attempted to log in to my PC, by two different methods: as the root user, trying different passwords; and simply trying different user names and passwords.
2. One Korean (IP: 211.241.40.51) used different user names and simple passwords to try to log in to my PC, and kept trying for a whole 15 minutes.
3. The login attempts came mainly in two ways: ssh and ftp.
4. Those I caught trying to log in to my PC were Koreans, Americans, French, Brazilians, and people from Shanghai, Beijing, Wuhan and Nanjing in China, and so on.
5. Most of the login attempts were by South Koreans, and theirs lasted the longest and used the most methods.
6. Conclusion: to keep the host system secure, user passwords are best long and strange.

Mar 21 03:30:45 bms sshd (pam_unix) [24488] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61.33.168.176 user=root
61.33.168.176 - Seoul, Korea

Mar 22 06:31:03 bms sshd (pam_unix) [25370] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.127.244.207 user=root
210.127.244.207 - South Korea

Mar 22 20:53:49 bms sshd (pam_unix) [27601] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61.152.91.147 user=root
Official data lookup: 61.152.91.147 - Shanghai

Mar 23 13:50:12 bms sshd (pam_unix) [31195] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.158.46.159 user=nobody
218.158.46.159 - South Korea

Mar 25 07:59:54 bms sshd (pam_unix) [7330] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.152.126.212 user=nobody
218.152.126.212 - South Korea

Mar 26 15:52:13 bms sshd (pam_unix) [14225] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=200.83.0.71 user=nobody
200.83.0.71 - country: Brazil

Apr 4 08:27:32 bms sshd (pam_unix) [3537] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=219.238.239.10 user=root
219.238.239.10 - Beijing

Apr 4 10:35:37 bms sshd (pam_unix) [3736] : authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.241.40.51 user=named

Apr 4 15:04:18 bms vsftpd (pam_unix) [4348] : authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=211.167.159.68
211.167.159.68 - Shanghai




[root@bms log]# pwd
/var/log
[root@bms log]# ls
boot.log cron.3 ksyms.2 maillog.2 rpmpkgs secure.1 spooler.4 wtmp.1
boot.log.1 cron.4 ksyms.3 maillog.3 rpmpkgs.1 secure.2 vbox xdm-errors
boot.log.2 cups ksyms.4 maillog.4 rpmpkgs.2 secure.3 vsftpd.log XFree86.0.log
boot.log.3 dmesg ksyms.5 messages rpmpkgs.3 secure.4 vsftpd.log.1 XFree86.0.log.old
boot.log.4 gdm ksyms.6 messages.1 rpmpkgs.4 spooler vsftpd.log.2 XFree86.1.log
cron httpd lastlog messages.2 samba spooler.1 vsftpd.log.3
cron.1 ksyms.0 maillog messages.3 scrollkeeper.log spooler.2 vsftpd.log.4
cron.2 ksyms.1 maillog.1 messages.4 secure spooler.3 wtmp
[root@bms log]# more secure
Apr 3 07:00:02 bms sshd[3303] : Received signal 15; terminating.
Apr 3 07:01:38 bms sshd[3303] : Server listening on 0.0.0.0 port 22.
Apr 4 07:00:02 bms sshd[3303] : Received signal 15; terminating.
Apr 4 07:01:37 bms sshd[3300] : Server listening on 0.0.0.0 port 22.
Apr 4 08:27:27 bms sshd[3527] : Illegal user test from 219.238.239.10
Apr 4 08:27:28 bms sshd[3529] : Illegal user guest from 219.238.239.10
Apr 4 08:27:29 bms sshd[3531] : Illegal user admin from 219.238.239.10
Apr 4 08:27:30 bms sshd[3533] : Illegal user admin from 219.238.239.10
Apr 4 08:27:31 bms sshd[3535] : Illegal user user from 219.238.239.10
Apr 4 08:27:34 bms sshd[3537] : Failed password for root from 219.238.239.10 port 2487 ssh2
Apr 4 08:27:37 bms sshd[3539] : Failed password for root from 219.238.239.10 port 2670 ssh2
Apr 4 08:27:40 bms sshd[3541] : Failed password for root from 219.238.239.10 port 2842 ssh2
Apr 4 08:27:41 bms sshd[3543] : Illegal user test from 219.238.239.10
Apr 4 09:01:19 bms sshd[3547] : Accepted password for root from 172.19.202.161 port 1178 ssh2
Apr 4 09:32:44 bms sshd[3603] : Accepted password for root from 172.19.202.161 port 1210 ssh2
Apr 4 10:20:39 bms sshd[3649] : Accepted password for root from 172.19.201.169 port 32864 ssh2
Apr 4 10:35:01 bms sshd[3710] : Illegal user thomas from 211.241.40.51
Apr 4 10:35:04 bms sshd[3712] : Illegal user office from 211.241.40.51
Apr 4 10:35:07 bms sshd[3714] : Illegal user [from 211.241.40.51
Apr 4 10:35:10 bms sshd[3716] : Illegal user reichard from 211.241.40.51
Apr 4 10:35:13 bms sshd[3718] : Illegal user abc from 211.241.40.51
Apr 4 10:35:15 bms sshd[3720] : Illegal user petter from 211.241.40.51
Apr 4 10:35:18 bms sshd[3722] : Illegal user honda from 211.241.40.51
Apr 4 10:35:20 bms sshd[3724] : Illegal user sales from 211.241.40.51
Apr 4 10:35:23 bms sshd[3726] : Illegal user purchase from 211.241.40.51
Apr 4 10:35:26 bms sshd[3728] : Illegal user finance from 211.241.40.51
Apr 4 10:35:28 bms sshd[3730] : Illegal user aspire from 211.241.40.51
Apr 4 10:35:31 bms sshd[3732] : Illegal user cyrus from 211.241.40.51
Apr 4 10:35:34 bms sshd[3734] : Illegal user postfix from 211.241.40.51
Apr 4 10:35:39 bms sshd[3736] : Failed password for named from 211.241.40.51 port 49198 ssh2
Apr 4 10:35:42 bms sshd[3738] : Illegal user firewall from 211.241.40.51
Apr 4 10:35:45 bms sshd[3740] : Illegal user irc from 211.241.40.51
Apr 4 10:35:47 bms sshd[3742] : Illegal user ircd from 211.241.40.51
Apr 4 10:35:50 bms sshd[3744] : Illegal user amanda from 211.241.40.51
Apr 4 10:35:53 bms sshd[3746] : Illegal user fax from 211.241.40.51
Apr 4 10:35:56 bms sshd[3748] : Illegal user liviu from 211.241.40.51
Apr 4 10:35:59 bms sshd[3750] : Illegal user cristi from 211.241.40.51
Apr 4 10:36:02 bms sshd[3752] : Illegal user bogdan from 211.241.40.51
Apr 4 10:36:05 bms sshd[3754] : Illegal user project from 211.241.40.51
Apr 4 10:36:07 bms sshd[3756] : Illegal user gabriel from 211.241.40.51
Apr 4 10:36:10 bms sshd[3758] : Illegal user michael from 211.241.40.51
Apr 4 10:36:12 bms sshd[3760] : Illegal user carmen from 211.241.40.51
Apr 4 10:36:15 bms sshd[3762] : Illegal user board from 211.241.40.51
Apr 4 10:36:17 bms sshd[3764] : Illegal user vivas from 211.241.40.51
Apr 4 10:36:20 bms sshd[3766] : Illegal user samples from 211.241.40.51
Apr 4 10:36:22 bms sshd[3768] : Illegal user packing from 211.241.40.51
Apr 4 10:36:24 bms sshd[3770] : Illegal user accounting from 211.241.40.51
Apr 4 10:36:27 bms sshd[3772] : Illegal user marc from 211.241.40.51
Apr 4 10:36:30 bms sshd[3774] : Illegal user mark from 211.241.40.51
Apr 4 10:36:33 bms sshd[3776] : Illegal user Mike from 211.241.40.51
Apr 4 10:36:36 bms sshd[3778] : Illegal user sara from 211.241.40.51
Apr 4 10:36:39 bms sshd[3780] : Illegal user jim from 211.241.40.51
Apr 4 10:36:41 bms sshd[3782] : Illegal user custom from 211.241.40.51
Apr 4 10:36:44 bms sshd[3784] : Illegal user kay from 211.241.40.51
Apr 4 10:36:47 bms sshd[3786] : Illegal user Lab from 211.241.40.51
Apr 4 10:36:49 bms sshd[3788] : Illegal user melissa from 211.241.40.51
Apr 4 10:36:52 bms sshd[3790] : Illegal user darren from 211.241.40.51
Apr 4 10:36:55 bms sshd[3792] : Illegal user jack from 211.241.40.51
Apr 4 10:36:57 bms sshd[3794] : Illegal user algorithm maybe helpful from 211.241.40.51
Apr 4 10:37:00 bms sshd[3796] : Illegal user serg from 211.241.40.51
Apr 4 10:37:03 bms sshd[3798] : Illegal user gandalf from 211.241.40.51
Apr 4 10:37:05 bms sshd[3800] : Illegal user frodo from 211.241.40.51
Apr 4 10:37:08 bms sshd[3802] : Illegal user soft from 211.241.40.51
Apr 4 10:37:11 bms sshd[3804] : Illegal user mobile from 211.241.40.51
Apr 4 10:37:14 bms sshd[3806] : Illegal user air from 211.241.40.51
Apr 4 10:37:16 bms sshd[3808] : Illegal user boy from 211.241.40.51
Apr 4 10:37:19 bms sshd[3810] : Illegal user black from 211.241.40.51
Apr 4 10:37:22 bms sshd[3812] : Illegal user ed from 211.241.40.51
Apr 4 10:37:24 bms sshd[3814] : Illegal user Joe from 211.241.40.51
Apr 4 10:37:27 bms sshd[3816] : Illegal user job from 211.241.40.51
Apr 4 10:37:29 bms sshd[3818] : Illegal user blow from 211.241.40.51
Apr 4 10:37:32 bms sshd[3820] : Illegal user note from 211.241.40.51
Apr 4 10:37:35 bms sshd[3822] : Illegal user yes from 211.241.40.51
Apr 4 10:37:38 bms sshd[3824] : Illegal user check from 211.241.40.51
Apr 4 10:37:40 bms sshd[3826] : Illegal user natasha from 211.241.40.51
Apr 4 10:37:43 bms sshd[3828] : Illegal user kgb from 211.241.40.51
Apr 4 10:37:46 bms sshd[3830] : Illegal user animal from 211.241.40.51
Apr 4 10:37:48 bms sshd[3832] : Illegal user smart from 211.241.40.51
Apr 4 10:37:51 bms sshd[3834] : Illegal user trust from 211.241.40.51
Apr 4 10:37:54 bms sshd[3836] : Illegal user denied from 211.241.40.51
Apr 4 10:37:58 bms sshd[3838] : Illegal user lock from 211.241.40.51
Apr 4 10:38:00 bms sshd[3840] : Illegal user coke from 211.241.40.51
Apr 4 10:38:04 bms sshd[3842] : Illegal user power from 211.241.40.51
Apr 4 10:38:07 bms sshd[3844] : Illegal user code from 211.241.40.51
Apr 4 10:38:10 bms sshd[3846] : Illegal user source from 211.241.40.51
Apr 4 10:38:13 bms sshd[3848] : Illegal user run from 211.241.40.51
Apr 4 10:38:16 bms sshd[3850] : Illegal user key from 211.241.40.51
Apr 4 10:38:18 bms sshd[3852] : Illegal user service from 211.241.40.51
Apr 4 10:38:23 bms sshd[3854] : Failed password for ftp from 211.241.40.51 port 35596 ssh2
Apr 4 10:38:26 bms sshd[3856] : Illegal user ultra from 211.241.40.51
Apr 4 10:38:29 bms sshd[3858] : Illegal user Genero from 211.241.40.51
Apr 4 10:38:32 bms sshd[3860] : Illegal user remote from 211.241.40.51
Apr 4 10:38:35 bms sshd[3862] : Illegal user top from 211.241.40.51
Apr 4 10:38:37 bms sshd[3864] : Illegal user gold from 211.241.40.51
Apr 4 10:38:40 bms sshd[3866] : Illegal user silver from 211.241.40.51
Apr 4 10:38:43 bms sshd[3868] : Illegal user magic from 211.241.40.51
Apr 4 10:38:45 bms sshd[3870] : Illegal user speed from 211.241.40.51
Apr 4 10:38:48 bms sshd[3872] : Illegal user disk from 211.241.40.51
Apr 4 10:38:51 bms sshd[3874] : Illegal user siemens from 211.241.40.51
Apr 4 10:38:54 bms sshd[3876] : Illegal user samsung from 211.241.40.51
Apr 4 10:38:57 bms sshd[3878] : Illegal user nokia from 211.241.40.51
Apr 4 10:38:59 bms sshd[3880] : Illegal user ericson from 211.241.40.51
Apr 4 10:39:03 bms sshd[3882] : Illegal user orange from 211.241.40.51
Apr 4 10:39:06 bms sshd[3884] : Illegal user origin from 211.241.40.51
Apr 4 10:39:08 bms sshd[3886] : Illegal user Ballet from 211.241.40.51
Apr 4 10:39:11 bms sshd[3888] : Illegal user box from 211.241.40.51
Apr 4 10:39:14 bms sshd[3890] : Illegal user sound from 211.241.40.51
Apr 4 10:39:17 bms sshd[3892] : Illegal user file from 211.241.40.51
Apr 4 10:39:19 bms sshd[3894] : Illegal user selects from 211.241.40.51
Apr 4 10:39:22 bms sshd[3896] : Illegal user phone from 211.241.40.51
Apr 4 10:39:25 bms sshd[3898] : Illegal user extra from 211.241.40.51
Apr 4 10:39:28 bms sshd[3900] : Illegal user network from 211.241.40.51
Apr 4 10:39:31 bms sshd[3902] : Illegal user audio from 211.241.40.51
Apr 4 10:39:34 bms sshd[3904] : Illegal user light from 211.241.40.51
Apr 4 10:39:37 bms sshd[3906] : Illegal user hide from 211.241.40.51
Apr 4 10:39:39 bms sshd[3908] : Illegal user clock from 211.241.40.51
Apr 4 10:39:42 bms sshd[3910] : Illegal user gsm from 211.241.40.51
Apr 4 10:39:45 bms sshd[3912] : Illegal user security from 211.241.40.51
Apr 4 10:39:48 bms sshd[3914] : Illegal user CPU from 211.241.40.51
Apr 4 10:39:50 bms sshd[3916] : Illegal user delet from 211.241.40.51
Apr 4 10:39:53 bms sshd[3918] : Illegal user status from 211.241.40.51
Apr 4 10:39:57 bms sshd[3920] : Illegal user image from 211.241.40.51
Apr 4 10:40:00 bms sshd[3922] : Illegal user memo from 211.241.40.51
Apr 4 10:40:03 bms sshd[3924] : Illegal user setup from 211.241.40.51
Apr 4 10:40:05 bms sshd[3926] : Illegal user profile from 211.241.40.51
Apr 4 10:40:08 bms sshd[3928] : Illegal user inbox from 211.241.40.51
Apr 4 10:40:11 bms sshd[3930] : Illegal user task from 211.241.40.51
Apr 4 10:40:13 bms sshd[3932] : Illegal user alarm from 211.241.40.51
Apr 4 10:40:16 bms sshd[3934] : Illegal user call from 211.241.40.51
Apr 4 10:40:19 bms sshd[3936] : Illegal user mac from 211.241.40.51
Apr 4 10:40:21 bms sshd[3938] : Illegal user tone from 211.241.40.51
Apr 4 10:40:24 bms sshd[3940] : Illegal user alert from 211.241.40.51
Apr 4 10:40:27 bms sshd[3942] : Illegal user ring from 211.241.40.51
Apr 4 10:40:30 bms sshd[3944] : Illegal user trade from 211.241.40.51
Apr 4 10:40:33 bms sshd[3946] : Illegal user shell from 211.241.40.51
Apr 4 10:40:36 bms sshd[3948] : Illegal user default from 211.241.40.51
Apr 4 10:40:39 bms sshd[3950] : Illegal user reset from 211.241.40.51
Apr 4 10:40:41 bms sshd[3952] : Illegal user car from 211.241.40.51
Apr 4 10:40:44 bms sshd[3954] : Illegal user pin from 211.241.40.51
Apr 4 10:40:47 bms sshd[3956] : Illegal user privacy from 211.241.40.51
Apr 4 10:40:50 bms sshd[3958] : Illegal user empty from 211.241.40.51
Apr 4 10:40:52 bms sshd[3960] : Illegal user ident from 211.241.40.51
Apr 4 10:40:55 bms sshd[3962] : Illegal user auto from 211.241.40.51
Apr 4 10:40:58 bms sshd[3964] : Illegal user enter from 211.241.40.51
Apr 4 10:41:01 bms sshd[3966] : Illegal user gprs from 211.241.40.51
Apr 4 Real bms sshd[3968] : Illegal user sam from 211.241.40.51
Apr 4 10:41:07 bms sshd[3970] : Illegal user only from 211.241.40.51
Apr 4 10:41:10 bms sshd[3972] : Illegal user network from 211.241.40.51
Apr 4 10:41:13 bms sshd[3974] : Illegal user rat from 211.241.40.51
Apr 4 10:41:16 bms sshd[3976] : Illegal user alien from 211.241.40.51
Apr 4 10:41:19 bms sshd[3978] : Illegal user duck from 211.241.40.51
Apr 4 10:41:21 bms sshd[3980] : Illegal user witch from 211.241.40.51
Apr 4 10:41:24 bms sshd[3982] : Illegal user super from 211.241.40.51
Apr 4 10:41:27 bms sshd[3984] : Illegal user ritual from 211.241.40.51
Apr 4 10:41:30 bms sshd[3986] : Illegal user create from 211.241.40.51
Apr 4 10:41:32 bms sshd[3988] : Illegal user virtual from 211.241.40.51
Apr 4 10:41:35 bms sshd[3990] : Illegal user online from 211.241.40.51
Apr 4 10:41:38 bms sshd[3992] : Illegal user Lotus from 211.241.40.51
Apr 4 10:41:43 bms sshd[3994] : Illegal user take from 211.241.40.51
Apr 4 10:41:46 bms sshd[3996] : Illegal user rock from 211.241.40.51
Apr 4 10:41:48 bms sshd[3998] : Illegal user lead from 211.241.40.51
Apr 4 10:41:51 bms sshd[4000] : Illegal user doc from 211.241.40.51
Apr 4 10:41:54 bms sshd[4002] : Illegal user data from 211.241.40.51
Apr 4 10:41:57 bms sshd[4004] : Illegal user menu from 211.241.40.51
Apr 4 10:42:00 bms sshd[4006] : Illegal user anl from 211.241.40.51
Apr 4 10:42:02 bms sshd[4008] : Illegal user combat from 211.241.40.51
Apr 4 10:42:05 bms sshd[4010] : Illegal user house from 211.241.40.51
Apr 4 10:42:07 bms sshd[4012] : Illegal user war from 211.241.40.51
Apr 4 10:42:10 bms sshd[4014] : Illegal user art from 211.241.40.51
Apr 4 10:42:13 bms sshd[4016] : Illegal user lucas from 211.241.40.51
Apr 4 10:42:15 bms sshd[4018] : Illegal user dvd from 211.241.40.51
Apr 4 10:42:18 bms sshd[4020] : Illegal user fire from 211.241.40.51
Apr 4 10:42:21 bms sshd[4022] : Illegal user Clone from 211.241.40.51
Apr 4 10:42:23 bms sshd[4024] : Illegal user kid from 211.241.40.51
Apr 4 10:42:26 bms sshd[4026] : Illegal user kitty_wy_fung@sb.gov.hk from 211.241.40.51
Apr 4 10:42:29 bms sshd[4028] : Illegal user sparc from 211.241.40.51
Apr 4 10:42:32 bms sshd[4030] : Illegal user wizard from 211.241.40.51
Apr 4 10:42:34 bms sshd[4032] : Illegal user fish from 211.241.40.51
Apr 4 10:42:38 bms sshd[4034] : Illegal user andrew from 211.241.40.51
Apr 4 10:42:41 bms sshd[4036] : Illegal user pretty from 211.241.40.51
Apr 4 10:42:44 bms sshd[4038] : Illegal user nice from 211.241.40.51
Apr 4 10:42:47 bms sshd[4040] : Illegal user bear from 211.241.40.51
Apr 4 10:42:49 bms sshd[4042] : Illegal user media from 211.241.40.51
Apr 4 10:42:52 bms sshd[4044] : Illegal user bomb from 211.241.40.51
Apr 4 10:42:55 bms sshd[4046] : Illegal user bcr from 211.241.40.51
Apr 4 10:42:57 bms sshd[4048] : Illegal user nightmare from 211.241.40.51
Apr 4 10:43:00 bms sshd[4050] : Illegal user slim from 211.241.40.51
Apr 4 10:43:03 bms sshd[4052] : Illegal user Funny from 211.241.40.51
Apr 4 10:43:06 bms sshd[4054] : Illegal user Debat from 211.241.40.51
Apr 4 10:43:08 bms sshd[4056] : Illegal user man from 211.241.40.51
Apr 4 10:43:11 bms sshd[4058] : Illegal user zoom from 211.241.40.51
Apr 4 10:43:14 bms sshd[4060] : Illegal user mole from 211.241.40.51
Apr 4 10:43:17 bms sshd[4062] : Illegal user flood from 211.241.40.51
Apr 4 10:43:19 bms sshd[4064] : Illegal user mother from 211.241.40.51
Apr 4 10:43:22 bms sshd[4066] : Illegal user diana from 211.241.40.51
Apr 4 10:43:25 bms sshd[4068] : Illegal user xpl from 211.241.40.51
Apr 4 10:43:28 bms sshd[4070] : Illegal user last from 211.241.40.51
Apr 4 10:43:30 bms sshd[4072] : Illegal user monk from 211.241.40.51
Apr 4 10:43:33 bms sshd[4074] : Illegal user enemy from 211.241.40.51
Apr 4 10:43:36 bms sshd[4076] : Illegal user music from 211.241.40.51
Apr 4 10:43:39 bms sshd[4078] : Illegal user CCVF from 211.241.40.51
Apr 4 10:43:41 bms sshd[4080] : Illegal user xxl from 211.241.40.51
Apr 4 10:43:44 bms sshd[4082] : Illegal user girl from 211.241.40.51
Apr 4 10:43:47 bms sshd[4084] : Illegal user putty from 211.241.40.51
Apr 4 10:43:50 bms sshd[4086] : Illegal user inside individual EU from 211.241.40.51
Apr 4 10:43:53 bms sshd[4088] : Illegal user flag from 211.241.40.51
Apr 4 10:43:56 bms sshd[4090] : Illegal user pistol from 211.241.40.51
Apr 4 10:43:59 bms sshd[4092] : Illegal user gun from 211.241.40.51
Apr 4 10:44:02 bms sshd[4094] : Illegal user blind from 211.241.40.51
Apr 4 10:44:04 bms sshd[4096] : Illegal user, what did from 211.241.40.51
Apr 4 10:44:07 bms sshd[4098] : Illegal user safe from 211.241.40.51
Apr 4 10:44:10 bms sshd[4100] : Illegal user anti from 211.241.40.51
Apr 4 10:44:15 bms sshd[4102] : Illegal user stop from 211.241.40.51
Apr 4 10:44:23 bms sshd[4104] : Illegal user queen from 211.241.40.51
Apr 4 10:44:25 bms sshd[4106] : Illegal user king from 211.241.40.51
Apr 4 10:44:28 bms sshd[4108] : Illegal user elisabeth from 211.241.40.51
Apr 4 10:44:31 bms sshd[4110] : Illegal user stone from 211.241.40.51
Apr 4 10:44:33 bms sshd[4112] : Illegal user nexus from 211.241.40.51
Apr 4 10:44:36 bms sshd[4114] : Illegal user optic from 211.241.40.51
Apr 4 10:44:39 bms sshd[4116] : Illegal user diablo from 211.241.40.51
Apr 4 10:44:42 bms sshd[4118] : Illegal user red from 211.241.40.51
Apr 4 10:44:44 bms sshd[4120] : Illegal user blue from 211.241.40.51
Apr 4 10:44:47 bms sshd[4122] : Illegal user sparky from 211.241.40.51
Apr 4 10:44:50 bms sshd[4124] : Illegal user sergiu from 211.241.40.51
Apr 4 10:44:52 bms sshd[4126] : Illegal user quad from 211.241.40.51
Apr 4 10:44:55 bms sshd[4128] : Illegal user danger from 211.241.40.51
Apr 4 10:44:58 bms sshd[4130] : Illegal user sun from 211.241.40.51
Apr 4 10:45:01 bms sshd[4132] : Illegal user net from 211.241.40.51
Apr 4 10:45:03 bms sshd[4134] : Illegal user sony from 211.241.40.51
Apr 4 10:45:06 bms sshd[4136] : Illegal user pionner from 211.241.40.51
Apr 4 10:45:08 bms sshd[4138] : Illegal user hat from 211.241.40.51
Apr 4 10:45:11 bms sshd[4140] : Illegal user audi from 211.241.40.51
Apr 4 10:45:13 bms sshd[4142] : Illegal user bmw from 211.241.40.51
Apr 4 10:45:16 bms sshd[4144] : Illegal user lake from 211.241.40.51
Apr 4 10:45:20 bms sshd[4146] : Illegal user book from 211.241.40.51
Apr 4 10:45:23 bms sshd[4148] : Illegal user dennis from 211.241.40.51
Apr 4 10:45:26 bms sshd[4150] : Illegal user limit PACC from 211.241.40.51
Apr 4 10:45:28 bms sshd[4152] : Illegal user flat from 211.241.40.51
Apr 4 10:45:31 bms sshd[4154] : Illegal user nuke from 211.241.40.51
Apr 4 10:45:34 bms sshd[4156] : Illegal user halo from 211.241.40.51
Apr 4 10:45:37 bms sshd[4158] : Illegal user sniper from 211.241.40.51
Apr 4 10:45:40 bms sshd[4160] : Illegal user clasic from 211.241.40.51
Apr 4 10:45:42 bms sshd[4162] : Illegal user proxy from 211.241.40.51
Apr 4 10:45:44 bms sshd[4164] : Illegal user list from 211.241.40.51
Apr 4 10:45:47 bms sshd[4166] : Illegal user click from 211.241.40.51
Apr 4 10:45:50 bms sshd[4168] : Illegal user legolas from 211.241.40.51
Apr 4 10:45:53 bms sshd[4170] : Illegal user lego from 211.241.40.51
Apr 4 10:45:56 bms sshd[4172] : Illegal user race from 211.241.40.51
Apr 4 10:45:59 bms sshd[4174] : Illegal user sandra from 211.241.40.51
Apr 4 10:46:01 bms sshd[4176] : Illegal user mig from 211.241.40.51
Apr 4 10:46:03 bms sshd[4178] : Illegal user host from 211.241.40.51
Apr 4 10:46:06 bms sshd[4180] : Illegal user testuser from 211.241.40.51
Apr 4 10:46:09 bms sshd[4182] : Illegal user zone from 211.241.40.51
Apr 4 10:46:11 bms sshd[4184] : Illegal user pop from 211.241.40.51
Apr 4 10:46:14 bms sshd[4186] : Illegal user SMTP from 211.241.40.51
Apr 4 10:46:16 bms sshd[4188] : Illegal user bonnie from 211.241.40.51
Apr 4 10:46:19 bms sshd[4190] : Illegal user frances from 211.241.40.51
Apr 4 10:46:21 bms sshd[4192] : Illegal user danielle from 211.241.40.51
Apr 4 10:46:24 bms sshd[4194] : Illegal user Naxcivan from 211.241.40.51
Apr 4 10:46:27 bms sshd[4196] : Illegal user karl from 211.241.40.51
Apr 4 10:46:30 bms sshd[4198] : Illegal user paula from 211.241.40.51
Apr 4 10:46:32 bms sshd[4200] : Illegal user otto from 211.241.40.51
Apr 4 10:46:35 bms sshd[4202] : Illegal user virgine from 211.241.40.51
Apr 4 10:46:38 bms sshd[4204] : Illegal user bret from 211.241.40.51
Apr 4 10:46:41 bms sshd[4206] : Illegal user dennis from 211.241.40.51
Apr 4 10:46:43 bms sshd[4208] : Illegal user jose from 211.241.40.51
Apr 4 10:46:46 bms sshd[4210] : Illegal user stan from 211.241.40.51
Apr 4 10:46:49 bms sshd[4212] : Illegal user Lee, from 211.241.40.51
Apr 4 10:46:51 bms sshd[4214] : Illegal user nadin from 211.241.40.51
Apr 4 10:46:55 bms sshd[4216] : Illegal user tony from 211.241.40.51
Apr 4 10:46:58 bms sshd[4218] : Illegal user barry from 211.241.40.51
Apr 4 10:47:00 bms sshd[4220] : Illegal user vicky from 211.241.40.51
Apr 4 10:47:03 bms sshd[4222] : Illegal user bill from 211.241.40.51
Apr 4 10:47:06 bms sshd[4224] : Illegal user larry from 211.241.40.51
Apr 4 10:47:08 bms sshd[4226] : Illegal user rose from 211.241.40.51
Apr 4 10:47:11 bms sshd[4228] : Illegal user dress from 211.241.40.51
Apr 4 10:47:13 bms sshd[4230] : Illegal user jerry from 211.241.40.51
Apr 4 10:47:16 bms sshd[4232] : Illegal user mirna from 211.241.40.51
Apr 4 10:47:19 bms sshd[4234] : Illegal user milena from 211.241.40.51
Apr 4 10:47:24 bms sshd[4236] : Failed password for adm from 211.241.40.51 port 44296 ssh2
Apr 4 10:47:27 bms sshd[4238] : Illegal user Yahoo from 211.241.40.51
Apr 4 10:47:29 bms sshd[4240] : Illegal user unknown from 211.241.40.51
Apr 4 10:47:32 bms sshd[4242] : Illegal user blues from 211.241.40.51
Apr 4 10:47:35 bms sshd[4244] : Illegal user paris from 211.241.40.51
Apr 4 10:47:37 bms sshd[4246] : Illegal user warez from 211.241.40.51
Apr 4 10:47:40 bms sshd[4248] : Illegal user quantum from 211.241.40.51
Apr 4 10:47:42 bms sshd[4250] : Illegal user local from 211.241.40.51
Apr 4 10:47:45 bms sshd[4252] : Illegal user romană from 211.241.40.51
Apr 4 10:47:48 bms sshd[4254] : Illegal user abuse from 211.241.40.51
Apr 4 10:47:51 bms sshd[4256] : Illegal user travel from 211.241.40.51
Apr 4 10:47:53 bms sshd[4258] : Illegal user ural from 211.241.40.51
Apr 4 10:47:56 bms sshd[4260] : Illegal user igor from 211.241.40.51
Apr 4 10:47:58 bms sshd[4262] : Illegal user dima from 211.241.40.51
Apr 4 10:48:01 bms sshd[4264] : Illegal user slash from 211.241.40.51
Apr 4 10:48:04 bms sshd[4266] : Illegal user plugin from 211.241.40.51
Apr 4 10:48:06 bms sshd[4268] : Illegal user ako from 211.241.40.51
Apr 4 10:48:09 bms sshd[4270] : Illegal user harris from 211.241.40.51
Apr 4 10:48:11 bms sshd[4272] : Illegal user dead from 211.241.40.51
Apr 4 10:48:14 bms sshd[4274] : Illegal user online from 211.241.40.51
Apr 4 10:48:17 bms sshd[4276] : Illegal user LRA from 211.241.40.51
Apr 4 10:48:19 bms sshd[4278] : Illegal user preview from 211.241.40.51
Apr 4 10:48:22 bms sshd[4280] : Illegal user wave from 211.241.40.51
Apr 4 10:48:25 bms sshd[4282] : Illegal user castle from 211.241.40.51
Apr 4 10:48:27 bms sshd[4284] : Illegal user protect from 211.241.40.51
Apr 4 10:48:30 bms sshd[4286] : Illegal user robison from 211.241.40.51
Apr 4 10:48:33 bms sshd[4288] : Illegal user liba from 211.241.40.51
Apr 4 10:48:35 bms sshd[4290] : Illegal user pavel from 211.241.40.51
Apr 4 10:48:38 bms sshd[4292] : Illegal user Burns from 211.241.40.51
Apr 4 10:48:41 bms sshd[4294] : Illegal user film from 211.241.40.51
Apr 4 10:48:43 bms sshd[4296] : Illegal user namor from 211.241.40.51
Apr 4 10:48:46 bms sshd[4298] : Illegal user cian from 211.241.40.51
Apr 4 10:48:49 bms sshd[4300] : Illegal user fast from 211.241.40.51
Apr 4 10:48:52 bms sshd[4302] : Illegal user caterina from 211.241.40.51
Apr 4 10:48:55 bms sshd[4304] : Illegal user design from 211.241.40.51
Apr 4 10:48:57 bms sshd[4306] : Illegal user mave from 211.241.40.51
Apr 4 10:49:00 bms sshd[4308] : Illegal user ice from 211.241.40.51
Apr 4 10:49:03 bms sshd[4310] : Illegal user tnt from 211.241.40.51
Apr 4 10:49:06 bms sshd[4312] : Illegal user sensor from 211.241.40.51
Apr 4 10:49:09 bms sshd[4314] : Illegal user frank from 211.241.40.51
Apr 4 10:49:11 bms sshd[4316] : Illegal user christian from 211.241.40.51
Apr 4 10:49:14 bms sshd[4318] : Illegal user markus from 211.241.40.51
Apr 4 10:49:17 bms sshd[4320] : Illegal user doro from 211.241.40.51
Apr 4 16:21:23 bms sshd[4365] : Illegal user test from 84.16.136.66
Apr 4 16:21:30 bms sshd[4367] : Illegal user guest from 84.16.136.66
Apr 4 16:21:36 bms sshd[4369] : Illegal user admin from 84.16.136.66
Apr 4 16:21:47 bms sshd[4371] : Did not receive identification string from 84.16.136.66
Apr 5 07:00:02 bms sshd[3300] : Received signal 15; terminating.
Apr 5 07:01:41 bms sshd[3303] : Server listening on 0.0.0.0 port 22.
Apr 5 08:50:32 bms sshd[3528] : Accepted password for root from 172.19.202.161 port 1030 ssh2
Apr 5 14:54:48 bms sshd[3599] : Accepted password for root from 172.19.202.161 port 1957 ssh2
Apr 5 15:32:35 bms sshd[3644] : Accepted password for root from 172.19.202.161 port 2240 ssh2
Apr 5 17:15:58 bms sshd[3699] : Accepted password for root from 172.19.202.161 port 1102 ssh2
Apr 6 07:00:02 bms sshd[3303] : Received signal 15; terminating.
Apr 6 07:01:40 bms sshd[3303] : Server listening on 0.0.0.0 port 22.
Apr 6 07:46:07 bms sshd[3524] : Did not receive identification string from 80.76.207.25
Apr 6 08:41:00 bms sshd[3529] : Accepted password for root from 172.19.202.161 port 1035 ssh2
Apr 6 11:59:13 bms sshd[3606] : Accepted password for root from 172.19.202.161 port 1645 ssh2
Apr 6 14:58:36 bms sshd[3663] : Accepted password for root from 172.19.201.169 port 32865 ssh2
Apr 6 16:19:22 bms sshd[3726] : Accepted password for root from 172.19.202.161 port 2954 ssh2
Apr 6 16:49:26 bms sshd[3789] : Accepted password for root from 172.19.202.161 port 3046 ssh2
Apr 6 16:57:46 bms sshd[3848] : Accepted password for root from 172.19.202.161 port 3061 ssh2
Apr 6 17:05:36 bms sshd[3892] : Accepted password for root from 172.19.202.161 port 3077 ssh2
Apr 7 07:00:02 bms sshd[3303] : Received signal 15; terminating.
Apr 7 07:01:38 bms sshd[3300] : Server listening on 0.0.0.0 port 22.
Apr 7 08:35:29 bms sshd[3525] : Accepted password for root from 172.19.202.161 port 1097 ssh2
[root@bms log]#
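
An added example, not part of the original post: a small parser that turns sshd lines of the kind quoted above into the per-source summary the poster worked out by eye (attempts, distinct user names, how long each source kept trying), and that also flags a login accepted after a run of failures. The sample lines are constructed with documentation-range addresses, and the year is an assumption because syslog lines do not carry one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Tolerates "sshd[123]:" as well as the "sshd[123] :" spacing seen in the quoted log.
LINE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]\s*:\s*(.*)$")

# "Illegal user" is the wording in the quoted log; later OpenSSH says "Invalid user".
EVENTS = [
    ("unknown_user", re.compile(
        r"^(?:Illegal|Invalid) user (?P<user>\S+) from (?P<ip>\S+)")),
    ("failed", re.compile(
        r"^Failed password for (?P<dup>(?:illegal|invalid) user )?"
        r"(?P<user>\S+) from (?P<ip>\S+) port \d+")),
    ("accepted", re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")),
]

# Constructed sample (RFC 5737 addresses), not lines copied from the post.
SAMPLE = """\
Apr 4 09:01:19 bms sshd[3547]: Accepted password for root from 192.0.2.161 port 1178 ssh2
Apr 4 10:35:01 bms sshd[3710]: Illegal user thomas from 203.0.113.51
Apr 4 10:35:04 bms sshd[3712] : Illegal user office from 203.0.113.51
Apr 4 10:35:07 bms sshd[3714]: Illegal user sales from 203.0.113.51
Apr 4 10:35:10 bms sshd[3716]: Failed password for named from 203.0.113.51 port 49198 ssh2
Apr 4 10:35:13 bms sshd[3718]: Failed password for root from 203.0.113.51 port 49210 ssh2
Apr 4 10:35:16 bms sshd[3720]: Failed password for root from 203.0.113.51 port 49222 ssh2
Apr 4 10:40:00 bms sshd[3800]: Accepted password for root from 203.0.113.51 port 49300 ssh2
Apr 4 16:21:23 bms sshd[4365]: Invalid user test from 198.51.100.66
Apr 4 16:21:25 bms sshd[4365]: Failed password for invalid user test from 198.51.100.66 port 40000 ssh2
Apr 4 16:21:47 bms sshd[4371]: Did not receive identification string from 198.51.100.66
"""


def parse(text, year=2006):
    """Yield (time, kind, user, ip, method) for each recognised sshd line.

    `year` is an assumption supplied by the caller: syslog lines have none.
    """
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        mon, day, clock, msg = m.groups()
        for kind, rx in EVENTS:
            e = rx.match(msg)
            if not e:
                continue
            g = e.groupdict()
            # "Failed password for invalid user X" repeats the "Invalid user X"
            # line for the same attempt, so it is not yielded a second time.
            if not g.get("dup"):
                ts = datetime.strptime(f"{year} {mon} {day} {clock}",
                                       "%Y %b %d %H:%M:%S")
                yield ts, kind, g["user"], g["ip"], g.get("method")
            break


def summarise(text, min_attempts=5, year=2006):
    """Per-source summary. Input must be chronological, as a log file is."""
    state = defaultdict(lambda: {"n": 0, "users": set(), "times": [], "ok": []})
    for ts, kind, user, ip, method in parse(text, year):
        s = state[ip]
        if kind == "accepted":
            # Remember how many failures this source had before the success.
            s["ok"].append((user, method, s["n"]))
        else:
            s["n"] += 1
            s["users"].add(user)
            s["times"].append(ts)
    report = {}
    for ip, s in state.items():
        span = 0
        if s["times"]:
            span = int((max(s["times"]) - min(s["times"])).total_seconds())
        report[ip] = {
            "attempts": s["n"],
            "distinct_users": len(s["users"]),
            "duration_s": span,
            "guessing": s["n"] >= min_attempts,
            # The entry that matters most: a login accepted after many failures.
            "success_after_failures": [u for u, _, prior in s["ok"]
                                       if prior >= min_attempts],
            "root_password_logins": sum(1 for u, meth, _ in s["ok"]
                                        if u == "root" and meth == "password"),
        }
    return report


if __name__ == "__main__":
    for ip, row in sorted(summarise(SAMPLE).items()):
        print(ip, row)
```

Run against a real file with `summarise(open("/var/log/secure").read())`; any source with a non-empty `success_after_failures` deserves attention before the rest of the report.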

Linux security problems connected to external networks

This is normal; I also run RHEL.
So we need a firewall.
However, a firewall is not absolute security; maintaining a good policy is important.

Linux security problems connected to external networks

Restricting the source address is a bad way for ssh

Linux security problems connected to external networks

What I am doing is DDNS
S xxx.3322.org
The rules are refreshed every minute; when the remote IP changes, xxx.3322.org changes along with it, and the s address here then changes along with it.
Unless
1. the 3322.org service goes bad
2. someone steals my 3322.org dynamic domain account password and changes the address to his own, and also knows the ssh account name and password

Linux security problems connected to external networks

The boss is formidable.
I will study this when I have time.

Linux security problems connected to external networks

You are all formidable technical experts, no question about it. What I meant by finding a lot of interesting things in the security log files is: who (South Korea) is endangering network security, what methods and tools they use, and who has a high level. Network attacks are all much the same, nothing mysterious. By checking the security log files, we can improve the way we think about our own work.
Thank you for your thoughts.

Linux security problems connected to external networks

It is not that South Korea's level is high; on the contrary, South Korea's level is low.
South Korea has the most broilers (compromised machines). I know people who hold dozens of Korean broilers with permanent addresses and can launch attacks from them at any time; they often set up sites on their broilers to save the cost of renting space.

Linux security problems connected to external networks

If something goes wrong on the server, the company will have to pursue it; it would be useful to check the MAC address of the login, but I could not come up with a way.

Linux security problems connected to external networks

A MAC address is a layer-2 thing; with routing in between, you will find it cannot be achieved on the internet.

Linux security problems connected to external networks

Yes, how wonderful it would be if iptables' netfilter supported this:
iptables -t nat -A PREROUTING -p tcp -m mac --mac-source 00:0f:7r:xx:xx:xx --dport 22 -j ACCEPT

How wonderful

Linux security problems connected to external networks

My idea: broilers mean that the administrators' level is not high. From that you arrive at South Korea's low level of attack.
Administration and attack are different things.
The level of an attack depends on the log.
Thank you.

Linux security problems connected to external networks

You have misinterpreted what I meant.

I say "low level of South Korea's attack"; what I said was "South Korea is not a high level, on the contrary, it is South Korea's low level," which speaks of the level of attacks.

As for South Korea's level of attack, I do not know.
Anyway, I know that if they really were at a high level, you would have been hacked long ago and would not even get to see the logs.
Scanning and trying passwords: anyone can do that!

Linux security problems connected to external networks

Restrictions by MAC are supported, but I have never played with MAC addresses...
Platinum has already said so... and has also answered cuci's original post...
I think friends with this question need to learn about the layers of TCP/IP...
Theoretically, the idea is a mistake...

Linux security problems connected to external networks

If you install an OpenVPN server and use static files for authentication, and then Telnet to the OpenVPN server, you can access it safely over the Internet. Then can we not do without DDNS, with no need to refresh the netfilter rules regularly? This should be relatively safe!

Linux security problems connected to external networks

You have only changed the password to a VPN one instead of the ssh one.
The dynamic domain name setup described earlier is about how we set up the firewall, which is not what you mean.
