Gentoo Forums
[SSHD] Network security...
Belliash
Advocate
Joined: 24 Nov 2004
Posts: 2503
Location: Wroclaw, Poland

Posted: Fri Sep 14, 2007 8:09 am    Post subject: [SSHD] Network security...

Hello,

Let me start by saying that I have ADSL from Dialog - 1 Mbps.
I connect to the Internet through a LinkSys WRT54GL router, so I am behind NAT, but I have a few ports forwarded (22, 80, 443, 1550, 9176, 58856).
The first 4 ports are always in use (services), while the last 2 are for P2P and are in use only when I start the application.

Today I noticed this gem in the logs:

Code:
Sep 14 09:46:14 PECET sshd[8789]: Invalid user lpd from 201.236.218.136
Sep 14 09:46:22 PECET sshd[8815]: Invalid user lpa from 201.236.218.136
Sep 14 09:46:31 PECET sshd[8817]: Invalid user admin from 201.236.218.136
Sep 14 09:46:40 PECET sshd[8819]: Invalid user admin from 201.236.218.136
Sep 14 09:46:49 PECET sshd[8821]: Invalid user admin from 201.236.218.136
Sep 14 09:46:58 PECET sshd[8823]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:47:07 PECET sshd[8826]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:47:16 PECET sshd[8828]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:47:25 PECET sshd[8830]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:47:34 PECET sshd[8833]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:47:41 PECET usb 1-8: USB disconnect, address 14
Sep 14 09:47:43 PECET sshd[8835]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:47:52 PECET sshd[8857]: Invalid user ftpuser from 201.236.218.136
Sep 14 09:48:01 PECET sshd[8859]: Invalid user mailtest from 201.236.218.136
Sep 14 09:48:10 PECET sshd[8861]: Invalid user mailtest from 201.236.218.136
Sep 14 09:48:19 PECET sshd[8863]: Invalid user mailtest from 201.236.218.136
Sep 14 09:48:28 PECET sshd[8865]: Invalid user mailtest from 201.236.218.136
Sep 14 09:48:37 PECET sshd[8867]: Invalid user mailtest from 201.236.218.136
Sep 14 09:48:46 PECET sshd[8869]: Invalid user mailtest from 201.236.218.136
Sep 14 09:48:50 PECET sshd[8872]: reverse mapping checking getaddrinfo for corporat200-069119228.sta.etb.net.co [200.69.119.228] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 14 09:48:55 PECET sshd[8871]: Invalid user testuser from 201.236.218.136
Sep 14 09:49:04 PECET sshd[8875]: Invalid user testuser from 201.236.218.136
Sep 14 09:49:13 PECET sshd[8877]: Invalid user testuser from 201.236.218.136
Sep 14 09:49:22 PECET sshd[8879]: Invalid user testuser from 201.236.218.136
Sep 14 09:49:30 PECET sshd[8881]: Invalid user testuser from 201.236.218.136
Sep 14 09:49:39 PECET sshd[8883]: Invalid user testuser from 201.236.218.136
Sep 14 09:49:48 PECET sshd[8885]: Invalid user sales from 201.236.218.136
Sep 14 09:49:57 PECET sshd[8887]: Invalid user sales from 201.236.218.136
Sep 14 09:50:06 PECET sshd[8892]: Invalid user sales from 201.236.218.136
Sep 14 09:50:15 PECET sshd[8894]: Invalid user sales from 201.236.218.136
Sep 14 09:50:24 PECET sshd[8896]: Invalid user sales from 201.236.218.136
Sep 14 09:50:33 PECET sshd[8898]: Invalid user sales from 201.236.218.136
Sep 14 09:50:42 PECET sshd[8900]: Invalid user sales from 201.236.218.136
Sep 14 09:50:51 PECET sshd[8902]: Invalid user postgres from 201.236.218.136
Sep 14 09:51:00 PECET sshd[8904]: Invalid user postgres from 201.236.218.136
Sep 14 09:51:09 PECET sshd[8906]: Invalid user postgres from 201.236.218.136
Sep 14 09:51:18 PECET sshd[8908]: Invalid user postgres from 201.236.218.136
Sep 14 09:51:27 PECET sshd[8910]: Invalid user postgres from 201.236.218.136
Sep 14 09:51:36 PECET sshd[8912]: Invalid user postgres from 201.236.218.136
Sep 14 09:51:45 PECET sshd[8914]: Invalid user postfix from 201.236.218.136
Sep 14 09:51:54 PECET sshd[8916]: Invalid user postfix from 201.236.218.136
Sep 14 09:52:03 PECET sshd[8918]: Invalid user postfix from 201.236.218.136
Sep 14 09:52:12 PECET sshd[8920]: Invalid user postfix from 201.236.218.136
Sep 14 09:52:21 PECET sshd[8922]: Invalid user postfix from 201.236.218.136
Sep 14 09:52:30 PECET sshd[8924]: Invalid user postfix from 201.236.218.136
Sep 14 09:53:50 PECET sshd[8944]: Invalid user student from 201.236.218.136
Sep 14 09:53:59 PECET sshd[8946]: Invalid user student from 201.236.218.136
Sep 14 09:54:08 PECET sshd[8949]: Invalid user student from 201.236.218.136
Sep 14 09:54:17 PECET sshd[8951]: Invalid user student from 201.236.218.136
Sep 14 09:54:26 PECET sshd[8982]: Invalid user student from 201.236.218.136


and that is where it ended...
there is nothing more in the logs...

Hence the question: how safe am I, and how likely is it that a break-in happened at this point: "reverse mapping checking getaddrinfo for corporat200-069119228.sta.etb.net.co [200.69.119.228] failed - POSSIBLE BREAK-IN ATTEMPT!"

What could I possibly do to improve the security of my box?
I understand that the other messages are simply failed logins via SSH, but what about the quoted message?
_________________
Asio Software Technologies
Belliash IT Weblog
scyld
n00b
Joined: 31 Jan 2006
Posts: 59

Posted: Fri Sep 14, 2007 8:26 am    Post subject: Re: [SSHD] Network security...

Morpheouss wrote:
What could I possibly do to improve the security of my box?
I understand that the other messages are simply failed logins via SSH, but what about the quoted message?

Just run sshd on a different port.
ch4os
Tux's lil' helper
Joined: 11 Jul 2006
Posts: 92
Location: Gdansk, Poland

Posted: Fri Sep 14, 2007 9:20 am    Post subject:

Take a look at denyhosts or possibly fail2ban; denyhosts does a very good job ;)
mirekm
Apprentice
Joined: 12 Feb 2004
Posts: 210
Location: Gliwice

Posted: Fri Sep 14, 2007 12:25 pm    Post subject:

I don't know what they changed in denyhosts recently, but it stopped working on my little server. I replaced it with fail2ban and I have to say that the latter is brilliant.
quosek
Apprentice
Joined: 07 Mar 2006
Posts: 269

Posted: Fri Sep 14, 2007 2:55 pm    Post subject:

Don't worry about it - it is a DNS problem ;) (as far as I remember, this message appears when reverse DNS returns garbage, or when it returns nothing) - I sometimes get the same thing when connecting from my company.
And this is how I have it set up:
- ssh on a different port
- a block in deny.hosts on everything related to ssh
- everything for ssh from *.pl unblocked in allow.hosts, plus the IPs where this reverse error occurs (because then it cannot determine the domain)

Overall I have no problems (unless someone had to get in from abroad - but they are the ones who mostly try to break in); I get a connection attempt once in a blue moon.
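
An added example, not written by any poster in this thread and not code from fail2ban or denyhosts: a Python illustration of the windowed counting that tools like fail2ban apply to "Invalid user" lines, which also reports the "reverse mapping ... failed" message separately as a DNS mismatch rather than as a failed login. The function `analyse`, its `max_retry`/`find_time` parameters and the sample log (hostname `host`, RFC 5737 documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format shown in the first post.
# Addresses are RFC 5737 documentation ranges, not the ones from the thread.
SAMPLE_LOG = """\
Sep 14 09:46:14 host sshd[8789]: Invalid user lpd from 203.0.113.7
Sep 14 09:46:22 host sshd[8815]: Invalid user lpa from 203.0.113.7
Sep 14 09:46:31 host sshd[8817]: Invalid user admin from 203.0.113.7
Sep 14 09:46:40 host sshd[8819]: Invalid user admin from 203.0.113.7
Sep 14 09:47:41 host usb 1-8: USB disconnect, address 14
Sep 14 09:48:50 host sshd[8872]: reverse mapping checking getaddrinfo for gw.example.net [198.51.100.9] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 14 09:49:04 host sshd[8875]: Invalid user testuser from 203.0.113.7
Sep 14 11:30:00 host sshd[9001]: Invalid user test from 192.0.2.44
"""

PREFIX = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
INVALID = re.compile(PREFIX + r"Invalid user (\S*) from (\S+)")
REVERSE = re.compile(PREFIX + r"reverse mapping checking getaddrinfo for (\S+) \[(\S+)\] failed")

def analyse(log, max_retry=3, find_time=timedelta(minutes=10), year=2007):
    """Return (offenders, dns_mismatches).

    offenders: IPs with at least max_retry invalid-user lines inside find_time.
    dns_mismatches: (hostname, ip) pairs whose reverse DNS did not verify;
    kept apart because they are not authentication failures.
    """
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    offenders, dns_mismatches = set(), []
    for line in log.splitlines():
        if m := REVERSE.match(line):
            dns_mismatches.append((m.group(2), m.group(3)))
        elif m := INVALID.match(line):
            # syslog lines omit the year, so it has to be supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            window = recent[m.group(3)]
            window.append(ts)
            while ts - window[0] > find_time:   # drop attempts older than the window
                window.popleft()
            if len(window) >= max_retry:
                offenders.add(m.group(3))
    return sorted(offenders), dns_mismatches

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
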