Freesco, NND, CDN, EOS http://forum.freesco.pl/ |
Break-in?? http://forum.freesco.pl/viewtopic.php?f=22&t=8381 |
Page 1 of 1 |
Author: | Dividos [ Sunday, 31 July 2005, 23:04 ] |
Title: | Break-in?? |
During my 2-week absence, the server running NND was restarted. The output of the last command looks as follows:

Quote:
reboot system boot 2.4.31-1nnd Fri Jul 29 12:50 (2+09:55)
reboot system boot 2.4.31-1nnd Mon Jul 25 15:48 (6+06:57)
reboot system boot 2.4.31-1nnd Mon Jul 25 15:28 (6+07:18)

Does NND restart on its own? How is a power loss and the machine coming back up recorded? In /var/log/auth2 from 29 JULY I found something like this, here is a FRAGMENT:

Quote:
Plik: auth.2 Kol 0 121701 bajtów [przyrost] 100% /var/log/btmp
Jul 29 10:32:19 router_nnd sshd[5768]: Failed password for root from 221.148.206.62 port 38560 ssh2
Jul 29 10:32:19 router_nnd sshd[5768]: Excess permission or bad ownership on file /var/log/btmp
Jul 29 10:32:22 router_nnd sshd[5770]: Failed password for root from 221.148.206.62 port 38643 ssh2
Jul 29 10:32:22 router_nnd sshd[5770]: Excess permission or bad ownership on file /var/log/btmp
Jul 29 10:32:25 router_nnd sshd[5772]: Failed password for root from 221.148.206.62 port 38724 ssh2
Jul 29 10:32:25 router_nnd sshd[5772]: Excess permission or bad ownership on file /var/log/btmp
Jul 29 10:32:28 router_nnd sshd[5774]: Failed password for root from 221.148.206.62 port 38809 ssh2
Jul 29 10:32:28 router_nnd sshd[5774]: Excess permission or bad ownership on file /var/log/btmp
Jul 29 10:32:36 router_nnd sshd[5776]: Failed password for root from 221.148.206.62 port 39046 ssh2
Jul 29 10:32:36 router_nnd sshd[5776]: Excess permission or bad ownership on file /var/log/btmp
Jul 29 10:32:37 router_nnd sshd[5778]: Did not receive identification string from 221.148.206.62
Jul 29 12:50:49 router_nnd sshd[167]: Server listening on 0.0.0.0 port 22.

Could this be a break-in? On 26 July I have this entry in the auth5 file:

Quote:
library from 217.119.144.150
Jul 26 23:22:51 router_nnd sshd[2876]: reverse mapping checking getaddrinfo for dsl21.sefanet.ch failed - POSSIBLE BREAKIN ATTEMPT!
Jul 26 23:22:51 router_nnd sshd[2876]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:51 router_nnd sshd[2876]: error: Could not get shadow information for NOUSER
Jul 26 23:22:51 router_nnd sshd[2876]: Failed password for invalid user library from 217.119.144.150 port 55510 ssh2
Jul 26 23:22:51 router_nnd sshd[2876]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:52 router_nnd sshd[2878]: Invalid user info from 217.119.144.150
Jul 26 23:22:52 router_nnd sshd[2878]: reverse mapping checking getaddrinfo for dsl21.sefanet.ch failed - POSSIBLE BREAKIN ATTEMPT!
Jul 26 23:22:52 router_nnd sshd[2878]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:52 router_nnd sshd[2878]: error: Could not get shadow information for NOUSER
Jul 26 23:22:52 router_nnd sshd[2878]: Failed password for invalid user info from 217.119.144.150 port 55547 ssh2
Jul 26 23:22:52 router_nnd sshd[2878]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:54 router_nnd sshd[2880]: Invalid user shell from 217.119.144.150
Jul 26 23:22:54 router_nnd sshd[2880]: reverse mapping checking getaddrinfo for dsl21.sefanet.ch failed - POSSIBLE BREAKIN ATTEMPT!
Jul 26 23:22:54 router_nnd sshd[2880]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:54 router_nnd sshd[2880]: error: Could not get shadow information for NOUSER
Jul 26 23:22:54 router_nnd sshd[2880]: Failed password for invalid user shell from 217.119.144.150 port 55594 ssh2
Jul 26 23:22:54 router_nnd sshd[2880]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:55 router_nnd sshd[2882]: Invalid user linux from 217.119.144.150
Jul 26 23:22:55 router_nnd sshd[2882]: reverse mapping checking getaddrinfo for dsl21.sefanet.ch failed - POSSIBLE BREAKIN ATTEMPT!
Jul 26 23:22:55 router_nnd sshd[2882]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:22:55 router_nnd sshd[2882]: error: Could not get shadow information for NOUSER
Jul 26 23:22:55 router_nnd sshd[2882]: Failed password for invalid user linux from 217.119.144.150 port 55656 ssh2
Jul 26 23:22:55 router_nnd sshd[2882]: Excess permission or bad ownership on file /var/log/btmp
Jul 26 23:23:05 router_nnd sshd[2884]: Did not receive identification string from 217.119.144.150

PLEASE HELP!!! |
Author: | Maciek [ Monday, 1 August 2005, 00:46 ] |
Title: | |
I don't think this was a break-in, although there was certainly SSH scanning. As for the restarts, a computer can be restarted without knowing the password by pressing ctrl + alt + del on the keyboard. |
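
Added example (not part of the original thread and not any poster's code): a small Python check for the distinction drawn in the reply above, where failed-password lines indicate scanning and a break-in would additionally show an accepted login. The first four sample lines are copied from the thread; the last three use the documentation address 192.0.2.10 and are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines 1-4 are copied from the thread. Lines 5-7 are CONSTRUCTED
# (documentation address 192.0.2.10) to show what a successful login adds.
SAMPLE = """\
Jul 26 23:22:52 router_nnd sshd[2878]: Failed password for invalid user info from 217.119.144.150 port 55547 ssh2
Jul 26 23:22:54 router_nnd sshd[2880]: Failed password for invalid user shell from 217.119.144.150 port 55594 ssh2
Jul 29 10:32:19 router_nnd sshd[5768]: Failed password for root from 221.148.206.62 port 38560 ssh2
Jul 29 10:32:22 router_nnd sshd[5770]: Failed password for root from 221.148.206.62 port 38643 ssh2
Jul 29 10:40:01 router_nnd sshd[5801]: Failed password for root from 192.0.2.10 port 40100 ssh2
Jul 29 10:40:04 router_nnd sshd[5803]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jul 29 10:40:07 router_nnd sshd[5805]: Accepted password for root from 192.0.2.10 port 40125 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failure count, usernames tried, accepted logins."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # btmp warnings, reverse-mapping notices, etc.
        entry = stats[m["ip"]]
        entry["users"].add(m["user"])
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            # Record timestamp, user and how many failures preceded the login.
            entry["accepted"].append((line[:15], m["user"], entry["failed"]))
    return dict(stats)

def suspicious_logins(stats, min_failures=2):
    """IPs with an accepted login preceded by at least min_failures failures."""
    return sorted(ip for ip, e in stats.items()
                  if any(prior >= min_failures for _, _, prior in e["accepted"]))

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, e in sorted(stats.items()):
        print(ip, e["failed"], sorted(e["users"]), e["accepted"])
    print("review:", suspicious_logins(stats))
```

Run over every rotated auth file, not only the fragment: an empty result from `suspicious_logins` supports the scanning-only reading, while any hit gives the timestamp to compare against the reboot times reported by `last`.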
Author: | Dividos [ Monday, 1 August 2005, 11:22 ] |
Title: | |
Interestingly, on a second server behind this NND router there was a similar situation on 25 July too. That is not so interesting anymore.... What does the log entry look like when the power fails? Is anything recorded at all? |
Time zone: UTC+2 hours |