Attack via ssh
Posted: Sun 6 Aug 2006, 10:55
Hi guys, fortunately I have the /var/log/messages file always scrolling on my desktop, so I was able to notice the following messages.
Did not receive identification string from 80.51.250.106
Aug 6 10:43:27 manublade sshd[4494]: Failed password for root from 80.51.250.106 port 46238 ssh2
Aug 6 10:43:28 manublade sshd[4499]: Invalid user sifak from 80.51.250.106
Aug 6 10:43:28 manublade sshd[4499]: Failed password for invalid user sifak from 80.51.250.106 port 46281 ssh2
Aug 6 10:43:29 manublade sshd[4503]: Invalid user slasher from 80.51.250.106
Aug 6 10:43:29 manublade sshd[4503]: Failed password for invalid user slasher from 80.51.250.106 port 46297 ssh2
Aug 6 10:43:30 manublade sshd[4507]: Invalid user fluffy from 80.51.250.106
Aug 6 10:43:30 manublade sshd[4507]: Failed password for invalid user fluffy from 80.51.250.106 port 46308 ssh2
Aug 6 10:43:31 manublade sshd[4511]: Invalid user admin from 80.51.250.106
Aug 6 10:43:31 manublade sshd[4511]: Failed password for invalid user admin from 80.51.250.106 port 46315 ssh2
...omitted
Aug 6 10:44:11 manublade sshd[4667]: Failed password for root from 80.51.250.106 port 46752 ssh2
Aug 6 10:44:12 manublade sshd[4671]: Invalid user admin from 80.51.250.106
Aug 6 10:44:12 manublade sshd[4671]: Failed password for invalid user admin from 80.51.250.106 port 46763 ssh2
Aug 6 10:44:13 manublade sshd[4675]: Invalid user admin from 80.51.250.106
Aug 6 10:44:13 manublade sshd[4675]: Failed password for invalid user admin from 80.51.250.106 port 46777 ssh2
...omitted
Aug 6 10:45:55 manublade sshd[5051]: Invalid user add from 80.51.250.106
Aug 6 10:45:55 manublade sshd[5051]: Failed password for invalid user add from 80.51.250.106 port 47888 ssh2
Aug 6 10:45:56 manublade sshd[5055]: Invalid user michael from 80.51.250.106
Aug 6 10:45:56 manublade sshd[5055]: Failed password for invalid user michael from 80.51.250.106 port 47897 ssh2
Aug 6 10:45:57 manublade sshd[5059]: Invalid user adrian from 80.51.250.106
Aug 6 10:45:57 manublade sshd[5059]: Failed password for invalid user adrian from 80.51.250.106 port 47907 ssh2
Aug 6 10:45:58 manublade sshd[5064]: Invalid user Ionut from 80.51.250.106
Aug 6 10:45:58 manublade sshd[5064]: Failed password for invalid user Ionut from 80.51.250.106 port 47915 ssh2
Aug 6 10:45:59 manublade sshd[5068]: Invalid user telnet from 80.51.250.106
Aug 6 10:45:59 manublade sshd[5068]: Failed password for invalid user telnet from 80.51.250.106 port 47923 ssh2
Aug 6 10:46:00 manublade sshd[5072]: Invalid user irc from 80.51.250.106
Aug 6 10:46:00 manublade sshd[5072]: Failed password for invalid user irc from 80.51.250.106 port 47937 ssh2
Aug 6 10:46:01 manublade sshd[5076]: Invalid user bnc from 80.51.250.106
Aug 6 10:46:02 manublade sshd[5076]: Failed password for invalid user bnc from 80.51.250.106 port 47945 ssh2
Aug 6 10:46:03 manublade sshd[5080]: Invalid user psybnc from 80.51.250.106
Aug 6 10:46:03 manublade sshd[5080]: Failed password for invalid user psybnc from 80.51.250.106 port 47954 ssh2
Aug 6 10:46:04 manublade sshd[5084]: Invalid user is from 80.51.250.106
Aug 6 10:46:04 manublade sshd[5084]: Failed password for invalid user is from 80.51.250.106 port 47961 ssh2
Aug 6 10:46:05 manublade sshd[5088]: Invalid user Exit from 80.51.250.106
Aug 6 10:46:05 manublade sshd[5088]: Failed password for invalid user Exit from 80.51.250.106 port 47971 ssh2
...omitted
Aug 6 10:47:37 manublade sshd[5525]: Invalid user work from 80.51.250.106
Aug 6 10:47:37 manublade sshd[5525]: Failed password for invalid user work from 80.51.250.106 port 48823 ssh2
Aug 6 10:47:39 manublade sshd[5530]: Invalid user pico from 80.51.250.106
Aug 6 10:47:39 manublade sshd[5530]: Failed password for invalid user pico from 80.51.250.106 port 48829
As soon as I noticed them I immediately shut down the ssh server. Besides keeping it turned off, is there a way to defend against this kind of attack? Even though I know that finding a username and a password is not always easy, I would like to avoid attacks like this in the future.
My PC is connected through a Linksys WAG54GS modem.
Thanks
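Added example, not part of the original post: a small Python detector for the pattern visible in the log above, many "Failed password" lines from one source in a short time. The threshold of 5 failures within 60 seconds, the year passed to the parser, and the last sample line (user `mario`, address 192.0.2.10) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "ssh2" is not required: the last line of the post's excerpt is cut off before it.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sshd\[\d+\]:\s+Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")

# First six lines are copied from the post; the last one is constructed
# (192.0.2.10 is a documentation address) to stand for an ordinary mistyped password.
SAMPLE = """\
Aug 6 10:43:27 manublade sshd[4494]: Failed password for root from 80.51.250.106 port 46238 ssh2
Aug 6 10:43:28 manublade sshd[4499]: Failed password for invalid user sifak from 80.51.250.106 port 46281 ssh2
Aug 6 10:43:29 manublade sshd[4503]: Failed password for invalid user slasher from 80.51.250.106 port 46297 ssh2
Aug 6 10:43:30 manublade sshd[4507]: Failed password for invalid user fluffy from 80.51.250.106 port 46308 ssh2
Aug 6 10:43:31 manublade sshd[4511]: Failed password for invalid user admin from 80.51.250.106 port 46315 ssh2
Aug 6 10:47:39 manublade sshd[5530]: Failed password for invalid user pico from 80.51.250.106 port 48829
Aug 6 10:50:02 manublade sshd[6001]: Failed password for mario from 192.0.2.10 port 50022 ssh2
""".splitlines()

def parse_failures(lines, year=2006):
    """Yield (time, ip, user, invalid_user) per failed-password line; syslog omits the year."""
    for line in lines:
        m = FAILED.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], bool(m["invalid"])

def flag_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return a summary for each source IP with >= threshold failures inside one window."""
    per_ip = defaultdict(list)
    for ts, ip, user, invalid in parse_failures(lines):
        per_ip[ip].append((ts, user, invalid))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = peak = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"failures": len(events), "peak_in_window": peak,
                           "users": sorted({u for _, u, _ in events}),
                           "invalid_users": sum(inv for _, _, inv in events)}
    return flagged
```

Calling `flag_bruteforce(SAMPLE)` reports only 80.51.250.106; the single failure from the constructed address stays below the threshold.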