Adding a comment to post no. 160 in the Admin Room.
> I'm back from my parents' house, so I looked into it. It looks like a hole in sshd was exploited.
> Dec 30 21:37:51 ns sshd[13389]: log: Connection from 210.143.101.37 port 31847
> Dec 30 21:37:51 ns sshd[13390]: log: Connection from 210.143.101.37 port 31849
> Dec 30 21:37:51 ns sshd[13391]: log: Connection from 210.143.101.37 port 31850
> Dec 30 21:37:52 ns sshd[13391]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:52 ns sshd[13392]: log: Connection from 210.143.101.37 port 31851
> Dec 30 21:37:52 ns sshd[13393]: log: Connection from 210.143.101.37 port 31852
> Dec 30 21:37:53 ns sshd[13393]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:53 ns sshd[13394]: log: Connection from 210.143.101.37 port 31905
> Dec 30 21:37:53 ns sshd[13395]: log: Connection from 210.143.101.37 port 31908
> Dec 30 21:37:53 ns sshd[13396]: log: Connection from 210.143.101.37 port 31961
> Dec 30 21:37:53 ns sshd[13397]: log: Connection from 210.143.101.37 port 31962
> Dec 30 21:37:54 ns sshd[13398]: log: Connection from 210.143.101.37 port 31963
> Dec 30 21:37:54 ns sshd[13397]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:54 ns sshd[13399]: log: Connection from 210.143.101.37 port 31964
> Dec 30 21:37:55 ns sshd[13399]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:55 ns sshd[13400]: log: Connection from 210.143.101.37 port 31965
> Dec 30 21:37:55 ns sshd[13400]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:55 ns sshd[13401]: log: Connection from 210.143.101.37 port 31966
> Dec 30 21:37:56 ns sshd[13402]: log: Connection from 210.143.101.37 port 31967
> Dec 30 21:37:56 ns sshd[13401]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:56 ns sshd[13403]: log: Connection from 210.143.101.37 port 31971
> Dec 30 21:37:56 ns sshd[13402]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:57 ns sshd[13403]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:57 ns sshd[13404]: log: Connection from 210.143.101.37 port 31972
> Dec 30 21:37:57 ns sshd[13405]: log: Connection from 210.143.101.37 port 32039
> Dec 30 21:37:58 ns sshd[13405]: fatal: Local: Corrupted check bytes on input.
> Dec 30 21:37:58 ns sshd[13406]: log: Connection from 210.143.101.37 port 32040
> Dec 30 21:37:58 ns sshd[13407]: log: Connection from 210.143.101.37 port 32041
> Dec 30 21:37:58 ns sshd[13408]: log: Connection from 210.143.101.37 port 32043
> Dec 30 21:37:59 ns sshd[13409]: log: Connection from 210.143.101.37 port 32098
> Dec 30 21:37:59 ns sshd[13410]: log: Connection from 210.143.101.37 port 32161
> Dec 30 21:37:59 ns sshd[13411]: log: Connection from 210.143.101.37 port 32166
> Dec 30 21:38:00 ns sshd[13412]: log: Connection from 210.143.101.37 port 32219
> Dec 30 21:38:00 ns sshd[13413]: log: Connection from 210.143.101.37 port 32220
> Dec 30 21:38:00 ns sshd[13417]: log: Connection from 210.143.101.37 port 32221
> Dec 30 21:38:01 ns sshd[13418]: log: Connection from 210.143.101.37 port 32222
> Dec 30 21:38:01 ns sshd[13419]: log: Connection from 210.143.101.37 port 32223
> Dec 30 21:38:01 ns sshd[13420]: log: Connection from 210.143.101.37 port 32230
> Dec 30 21:38:02 ns sshd[13421]: log: Connection from 210.143.101.37 port 32284
> Dec 30 21:38:02 ns sshd[13422]: log: Connection from 210.143.101.37 port 32285
> Dec 30 21:38:02 ns sshd[13423]: log: Connection from 210.143.101.37 port 32286
> Dec 30 21:38:03 ns sshd[13424]: log: Connection from 210.143.101.37 port 32287
> Dec 30 21:38:03 ns sshd[13424]: fatal: Local: crc32 compensation attack: network attack detected
> Dec 30 21:38:03 ns sshd[13425]: log: Connection from 210.143.101.37 port 32289
> Dec 30 21:38:05 ns sshd[13426]: log: Connection from 210.143.101.37 port 32348
> Dec 30 21:38:08 ns sshd[13427]: log: Connection from 210.143.101.37 port 32349
> Dec 30 21:38:10 ns sshd[13428]: log: Connection from 210.143.101.37 port 32350
> Dec 30 21:38:12 ns sshd[13429]: log: Connection from 210.143.101.37 port 32351
> Dec 30 21:38:14 ns sshd[13429]: fatal: Local: crc32 compensation attack: network attack detected
> Dec 30 21:38:14 ns sshd[13430]: log: Connection from 210.143.101.37 port 32353
> Dec 30 21:38:17 ns sshd[13431]: log: Connection from 210.143.101.37 port 32413
> Dec 30 21:38:19 ns sshd[13431]: fatal: Local: crc32 compensation attack: network attack detected
> Dec 30 21:38:19 ns sshd[13432]: log: Connection from 210.143.101.37 port 32414
> Dec 30 21:38:21 ns sshd[13433]: log: Connection from 210.143.101.37 port 32415
> Dec 30 21:38:24 ns sshd[13434]: log: Connection from 210.143.101.37 port 32416
> Dec 30 21:38:26 ns sshd[13435]: log: Connection from 210.143.101.37 port 32480
> Dec 30 21:38:28 ns sshd[13435]: fatal: Local: crc32 compensation attack: network attack detected
> Dec 30 21:38:28 ns sshd[13436]: log: Connection from 210.143.101.37 port 32547
> Dec 30 21:38:30 ns sshd[13437]: log: Connection from 210.143.101.37 port 32548
> Dec 30 21:38:33 ns sshd[13438]: log: Connection from 210.143.101.37 port 32611
> Dec 30 21:38:35 ns sshd[13439]: log: Connection from 210.143.101.37 port 32612
> Dec 30 21:38:37 ns sshd[13440]: log: Connection from 210.143.101.37 port 32674
> Dec 30 21:38:38 ns sshd[13441]: log: Connection from 210.143.101.37 port 32735
> Dec 30 21:38:38 ns sshd[13442]: log: Connection from 210.143.101.37 port 32801
> Dec 30 21:38:53 ns PAM_pwdb[13446]: password for (www/15) changed by ((null)/0)
> It seems they first got in as the www user.
> After that, it looks like they got in once.
> Dec 31 01:02:00 ns PAM_pwdb[15115]: (su) session opened for user nobody by (uid=99)
> Dec 31 01:02:30 ns PAM_pwdb[15115]: (su) session closed for user nobody
> Later still, there was access to ftp...
> Dec 31 07:08:36 ns ftpd[16383]: getpeername (in.ftpd): Transport endpoint is not connected
> Dec 31 09:10:39 ns ftpd[16829]: FTP session closed
> In between there was this... though I guess this is tot-chan.
> Dec 31 18:44:47 ns PAM_pwdb[19585]: 1 authentication failure; (uid=0) -> tnet for ftp service
> Dec 31 18:44:47 ns syslog: failed login from tn-av98.ppp.ttcn.ne.jp [61.114.33.98], tnet
> Next, they got in via sshd.
> Dec 31 19:12:35 ns sshd[19772]: log: Connection from 210.143.101.37 port 1022
> Dec 31 19:12:45 ns sshd[19772]: log: Password authentication for www accepted.
> Impersonating the ftpd user...
> Dec 31 19:14:18 ns PAM_pwdb[19797]: (su) session opened for user ftpd by www(uid=0)
> Dec 31 19:16:35 ns PAM_pwdb[19797]: (su) session closed for user ftpd
> Dec 31 19:33:01 ns sshd[19772]: fatal: Connection closed by remote host.
> Are they attacking telnetd too?
> Dec 31 23:28:30 ns telnetd[21272]: ttloop: peer died: Unknown error
> Another intrusion.
> Jan 1 01:02:01 ns PAM_pwdb[21610]: (su) session opened for user nobody by (uid=99)
> Jan 1 01:02:29 ns PAM_pwdb[21610]: (su) session closed for user nobody
> Jan 1 09:44:23 ns PAM_pwdb[23318]: (login) session opened for user tnet by (uid=0)
> What could this be?
> Jan 1 09:51:33 ns sshd[23443]: log: Connection from 64.159.78.2 port 2451
> Jan 1 09:51:38 ns sshd[23443]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version.
> So, looking at the first IP, it's the same PROX, isn't it.
> It seems likely they used that as a stepping stone to get here.
> For now, I'm going to update sshd (^^;
> Hmm.
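Added example, not part of the quoted post: a Python script that does the correlation the post does by hand. It maps each sshd PID to its source address, counts the "Corrupted check bytes" and "crc32 compensation attack" fatals per address, and reports a PAM_pwdb password change by `(null)/0` that follows shortly after that address last connected. The function name `analyze`, the thresholds and the assumed year are choices made for this example; the sample lines are excerpted from the log quoted above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt of the syslog lines quoted in the post (wrapped "attack detected" joined).
SAMPLE = """\
Dec 30 21:37:51 ns sshd[13391]: log: Connection from 210.143.101.37 port 31850
Dec 30 21:37:52 ns sshd[13391]: fatal: Local: Corrupted check bytes on input.
Dec 30 21:37:52 ns sshd[13393]: log: Connection from 210.143.101.37 port 31852
Dec 30 21:37:53 ns sshd[13393]: fatal: Local: Corrupted check bytes on input.
Dec 30 21:38:03 ns sshd[13424]: log: Connection from 210.143.101.37 port 32287
Dec 30 21:38:03 ns sshd[13424]: fatal: Local: crc32 compensation attack: network attack detected
Dec 30 21:38:38 ns sshd[13442]: log: Connection from 210.143.101.37 port 32801
Dec 30 21:38:53 ns PAM_pwdb[13446]: password for (www/15) changed by ((null)/0)
Jan 1 09:51:33 ns sshd[23443]: log: Connection from 64.159.78.2 port 2451
Jan 1 09:51:38 ns sshd[23443]: fatal: Local: Your ssh version is too old and is no longer supported.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[(\d+)\]: (.*)$")
CONN = re.compile(r"log: Connection from (\S+) port \d+")
PROBE = re.compile(r"fatal: Local: (Corrupted check bytes|crc32 compensation attack)")
PWCHG = re.compile(r"password for \((\S+?)/\d+\) changed by \(\(null\)/0\)")

def analyze(text, min_probes=3, window=timedelta(minutes=5)):
    """Return (ip, probe_count, account, time) for each suspicious password change."""
    pid_ip, probes, last_seen, findings = {}, Counter(), {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog omits the year; 2000 is an arbitrary leap year assumed for parsing.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        prog, pid, msg = m.group(2), m.group(3), m.group(4)
        if prog == "sshd" and (c := CONN.match(msg)):
            pid_ip[pid] = c.group(1)          # remember which address this PID serves
            last_seen[c.group(1)] = ts
        elif prog == "sshd" and PROBE.match(msg) and pid in pid_ip:
            probes[pid_ip[pid]] += 1          # attribute the fatal to its source address
        elif prog == "PAM_pwdb" and (p := PWCHG.search(msg)):
            for ip, n in probes.items():
                if n >= min_probes and ts - last_seen[ip] <= window:
                    findings.append((ip, n, p.group(1), ts.strftime("%b %d %H:%M:%S")))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```
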