Chinaunix

标题: LINUX连接外网的安全问题 [打印本页]

作者: zhouw68 时间: 2005-04-07 09:29
标题: LINUX连接外网的安全问题
LINUX连接外网的安全问题

我的一台pc机安装REDHAT9,作为ftp服务器连接外网。使用一段时间后，在/var/log/secure,secure.1,secure.2
secure.3,secure.4这五个安全日志文件中，发现了很多有趣的事情。

1。很多韩国人试图登陆我的pc机：方法一：用root用户，试图用不同的密码登陆我的pc机。
                           方法二：用不同的用户名，试图用简单的密码登陆我的pc机。
2。有一韩国人（IP:211.241.40.51),用不同的用户名，试图用简单的密码登陆我的pc机，足足尝试了十五分钟。
3。尝试登陆方式主要就二种：ssh 和 ftp。
4。我统计了一下，尝试登陆我的pc机的有韩国人，美国人，法国人，巴西人，中国上海人，中国北京人，
中国武汉人，中国南京人等。
5。尝试登陆最多的是韩国人，每次尝试登陆时间最长，方法最多。
6。结论：为了主机的安全，系统内的用户的密码最好又长又怪。
Mar 21 03:30:45 bms sshd(pam_unix)[24488]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rh
ost=61.33.168.176  user=root             61.33.168.176 -  韩国汉城

Mar 22 06:31:03 bms sshd(pam_unix)[25370]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rh
ost=210.127.244.207  user=root             210.127.244.207 -  韩国

Mar 22 20:53:49 bms sshd(pam_unix)[27601]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rh
ost=61.152.91.147  user=root    官方数据查询结果： 61.152.91.147 -  上海市

Mar 23 13:50:12 bms sshd(pam_unix)[31195]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rh
ost=218.158.46.159  user=nobody       218.158.46.159 -  韩国

Mar 25 07:59:54 bms sshd(pam_unix)[7330]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rho
st=218.152.126.212  user=nobody          218.152.126.212 -  韩国

Mar 26 15:52:13 bms sshd(pam_unix)[14225]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rh
ost=200.83.0.71  user=nobody       200.83.0.71 国家：巴西

Apr  4 08:27:32 bms sshd(pam_unix)[3537]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rho
st=219.238.239.10  user=root       219.238.239.10 -  北京市

Apr  4 10:35:37 bms sshd(pam_unix)[3736]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rho
st=211.241.40.51  user=named

Apr  4 15:04:18 bms vsftpd(pam_unix)[4348]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=211.167.159.68                   211.167.159.68 -  上海市

[root@bms log]# pwd
/var/log
[root@bms log]# ls
boot.log cron.3 ksyms.2 maillog.2 rpmpkgs          secure.1 spooler.4    wtmp.1
boot.log.1  cron.4 ksyms.3 maillog.3 rpmpkgs.1       secure.2 vbox       xdm-errors
boot.log.2  cups    ksyms.4 maillog.4 rpmpkgs.2       secure.3 vsftpd.log XFree86.0.log
boot.log.3  dmesg ksyms.5 messages rpmpkgs.3       secure.4 vsftpd.log.1  XFree86.0.log.old
boot.log.4  gdm    ksyms.6 messages.1  rpmpkgs.4       spooler vsftpd.log.2  XFree86.1.log
cron       httpd lastlog messages.2  samba          spooler.1  vsftpd.log.3
cron.1    ksyms.0  maillog messages.3  scrollkeeper.log  spooler.2  vsftpd.log.4
cron.2    ksyms.1  maillog.1  messages.4  secure          spooler.3  wtmp
[root@bms log]# more secure
Apr  3 07:00:02 bms sshd[3303]: Received signal 15; terminating.
Apr  3 07:01:38 bms sshd[3303]: Server listening on 0.0.0.0 port 22.
Apr  4 07:00:02 bms sshd[3303]: Received signal 15; terminating.
Apr  4 07:01:37 bms sshd[3300]: Server listening on 0.0.0.0 port 22.
Apr  4 08:27:27 bms sshd[3527]: Illegal user test from 219.238.239.10
Apr  4 08:27:28 bms sshd[3529]: Illegal user guest from 219.238.239.10
Apr  4 08:27:29 bms sshd[3531]: Illegal user admin from 219.238.239.10
Apr  4 08:27:30 bms sshd[3533]: Illegal user admin from 219.238.239.10
Apr  4 08:27:31 bms sshd[3535]: Illegal user user from 219.238.239.10
Apr  4 08:27:34 bms sshd[3537]: Failed password for root from 219.238.239.10 port 2487 ssh2
Apr  4 08:27:37 bms sshd[3539]: Failed password for root from 219.238.239.10 port 2670 ssh2
Apr  4 08:27:40 bms sshd[3541]: Failed password for root from 219.238.239.10 port 2842 ssh2
Apr  4 08:27:41 bms sshd[3543]: Illegal user test from 219.238.239.10
Apr  4 09:01:19 bms sshd[3547]: Accepted password for root from 172.19.202.161 port 1178 ssh2
Apr  4 09:32:44 bms sshd[3603]: Accepted password for root from 172.19.202.161 port 1210 ssh2
Apr  4 10:20:39 bms sshd[3649]: Accepted password for root from 172.19.201.169 port 32864 ssh2
Apr  4 10:35:01 bms sshd[3710]: Illegal user thomas from 211.241.40.51
Apr  4 10:35:04 bms sshd[3712]: Illegal user office from 211.241.40.51
Apr  4 10:35:07 bms sshd[3714]: Illegal user info from 211.241.40.51
Apr  4 10:35:10 bms sshd[3716]: Illegal user reichard from 211.241.40.51
Apr  4 10:35:13 bms sshd[3718]: Illegal user abc from 211.241.40.51
Apr  4 10:35:15 bms sshd[3720]: Illegal user petter from 211.241.40.51
Apr  4 10:35:18 bms sshd[3722]: Illegal user honda from 211.241.40.51
Apr  4 10:35:20 bms sshd[3724]: Illegal user sales from 211.241.40.51
Apr  4 10:35:23 bms sshd[3726]: Illegal user purchase from 211.241.40.51
Apr  4 10:35:26 bms sshd[3728]: Illegal user finance from 211.241.40.51
Apr  4 10:35:28 bms sshd[3730]: Illegal user aspire from 211.241.40.51
Apr  4 10:35:31 bms sshd[3732]: Illegal user cyrus from 211.241.40.51
Apr  4 10:35:34 bms sshd[3734]: Illegal user postfix from 211.241.40.51
Apr  4 10:35:39 bms sshd[3736]: Failed password for named from 211.241.40.51 port 49198 ssh2
Apr  4 10:35:42 bms sshd[3738]: Illegal user firewall from 211.241.40.51
Apr  4 10:35:45 bms sshd[3740]: Illegal user irc from 211.241.40.51
Apr  4 10:35:47 bms sshd[3742]: Illegal user ircd from 211.241.40.51
Apr  4 10:35:50 bms sshd[3744]: Illegal user amanda from 211.241.40.51
Apr  4 10:35:53 bms sshd[3746]: Illegal user fax from 211.241.40.51
Apr  4 10:35:56 bms sshd[3748]: Illegal user liviu from 211.241.40.51
Apr  4 10:35:59 bms sshd[3750]: Illegal user cristi from 211.241.40.51
Apr  4 10:36:02 bms sshd[3752]: Illegal user bogdan from 211.241.40.51
Apr  4 10:36:05 bms sshd[3754]: Illegal user project from 211.241.40.51
Apr  4 10:36:07 bms sshd[3756]: Illegal user gabriel from 211.241.40.51
Apr  4 10:36:10 bms sshd[3758]: Illegal user michael from 211.241.40.51
Apr  4 10:36:12 bms sshd[3760]: Illegal user carmen from 211.241.40.51
Apr  4 10:36:15 bms sshd[3762]: Illegal user board from 211.241.40.51
Apr  4 10:36:17 bms sshd[3764]: Illegal user vivas from 211.241.40.51
Apr  4 10:36:20 bms sshd[3766]: Illegal user samples from 211.241.40.51
Apr  4 10:36:22 bms sshd[3768]: Illegal user packing from 211.241.40.51
Apr  4 10:36:24 bms sshd[3770]: Illegal user accounting from 211.241.40.51
Apr  4 10:36:27 bms sshd[3772]: Illegal user marc from 211.241.40.51
Apr  4 10:36:30 bms sshd[3774]: Illegal user mark from 211.241.40.51
Apr  4 10:36:33 bms sshd[3776]: Illegal user mike from 211.241.40.51
Apr  4 10:36:36 bms sshd[3778]: Illegal user sara from 211.241.40.51
Apr  4 10:36:39 bms sshd[3780]: Illegal user jim from 211.241.40.51
Apr  4 10:36:41 bms sshd[3782]: Illegal user custom from 211.241.40.51
Apr  4 10:36:44 bms sshd[3784]: Illegal user kay from 211.241.40.51
Apr  4 10:36:47 bms sshd[3786]: Illegal user lab from 211.241.40.51
Apr  4 10:36:49 bms sshd[3788]: Illegal user melissa from 211.241.40.51
Apr  4 10:36:52 bms sshd[3790]: Illegal user darren from 211.241.40.51
Apr  4 10:36:55 bms sshd[3792]: Illegal user jack from 211.241.40.51
Apr  4 10:36:57 bms sshd[3794]: Illegal user iris from 211.241.40.51
Apr  4 10:37:00 bms sshd[3796]: Illegal user serg from 211.241.40.51
Apr  4 10:37:03 bms sshd[3798]: Illegal user gandalf from 211.241.40.51
Apr  4 10:37:05 bms sshd[3800]: Illegal user frodo from 211.241.40.51
Apr  4 10:37:08 bms sshd[3802]: Illegal user soft from 211.241.40.51
Apr  4 10:37:11 bms sshd[3804]: Illegal user mobile from 211.241.40.51
Apr  4 10:37:14 bms sshd[3806]: Illegal user air from 211.241.40.51
Apr  4 10:37:16 bms sshd[3808]: Illegal user boy from 211.241.40.51
Apr  4 10:37:19 bms sshd[3810]: Illegal user black from 211.241.40.51
Apr  4 10:37:22 bms sshd[3812]: Illegal user god from 211.241.40.51
Apr  4 10:37:24 bms sshd[3814]: Illegal user joe from 211.241.40.51
Apr  4 10:37:27 bms sshd[3816]: Illegal user job from 211.241.40.51
Apr  4 10:37:29 bms sshd[3818]: Illegal user blow from 211.241.40.51
Apr  4 10:37:32 bms sshd[3820]: Illegal user note from 211.241.40.51
Apr  4 10:37:35 bms sshd[3822]: Illegal user yes from 211.241.40.51
Apr  4 10:37:38 bms sshd[3824]: Illegal user check from 211.241.40.51
Apr  4 10:37:40 bms sshd[3826]: Illegal user natasha from 211.241.40.51
Apr  4 10:37:43 bms sshd[3828]: Illegal user kgb from 211.241.40.51
Apr  4 10:37:46 bms sshd[3830]: Illegal user animal from 211.241.40.51
Apr  4 10:37:48 bms sshd[3832]: Illegal user smart from 211.241.40.51
Apr  4 10:37:51 bms sshd[3834]: Illegal user trust from 211.241.40.51
Apr  4 10:37:54 bms sshd[3836]: Illegal user denied from 211.241.40.51
Apr  4 10:37:58 bms sshd[3838]: Illegal user lock from 211.241.40.51
Apr  4 10:38:00 bms sshd[3840]: Illegal user coke from 211.241.40.51
Apr  4 10:38:04 bms sshd[3842]: Illegal user power from 211.241.40.51
Apr  4 10:38:07 bms sshd[3844]: Illegal user code from 211.241.40.51
Apr  4 10:38:10 bms sshd[3846]: Illegal user source from 211.241.40.51
Apr  4 10:38:13 bms sshd[3848]: Illegal user run from 211.241.40.51
Apr  4 10:38:16 bms sshd[3850]: Illegal user key from 211.241.40.51
Apr  4 10:38:18 bms sshd[3852]: Illegal user service from 211.241.40.51
Apr  4 10:38:23 bms sshd[3854]: Failed password for ftp from 211.241.40.51 port 35596 ssh2
Apr  4 10:38:26 bms sshd[3856]: Illegal user ultra from 211.241.40.51
Apr  4 10:38:29 bms sshd[3858]: Illegal user nero from 211.241.40.51
Apr  4 10:38:32 bms sshd[3860]: Illegal user remote from 211.241.40.51
Apr  4 10:38:35 bms sshd[3862]: Illegal user top from 211.241.40.51
Apr  4 10:38:37 bms sshd[3864]: Illegal user gold from 211.241.40.51
Apr  4 10:38:40 bms sshd[3866]: Illegal user silver from 211.241.40.51
Apr  4 10:38:43 bms sshd[3868]: Illegal user magic from 211.241.40.51
Apr  4 10:38:45 bms sshd[3870]: Illegal user speed from 211.241.40.51
Apr  4 10:38:48 bms sshd[3872]: Illegal user disk from 211.241.40.51
Apr  4 10:38:51 bms sshd[3874]: Illegal user siemens from 211.241.40.51
Apr  4 10:38:54 bms sshd[3876]: Illegal user samsung from 211.241.40.51
Apr  4 10:38:57 bms sshd[3878]: Illegal user nokia from 211.241.40.51
Apr  4 10:38:59 bms sshd[3880]: Illegal user ericson from 211.241.40.51
Apr  4 10:39:03 bms sshd[3882]: Illegal user orange from 211.241.40.51
Apr  4 10:39:06 bms sshd[3884]: Illegal user origin from 211.241.40.51
Apr  4 10:39:08 bms sshd[3886]: Illegal user fun from 211.241.40.51
Apr  4 10:39:11 bms sshd[3888]: Illegal user box from 211.241.40.51
Apr  4 10:39:14 bms sshd[3890]: Illegal user sound from 211.241.40.51
Apr  4 10:39:17 bms sshd[3892]: Illegal user file from 211.241.40.51
Apr  4 10:39:19 bms sshd[3894]: Illegal user select from 211.241.40.51
Apr  4 10:39:22 bms sshd[3896]: Illegal user phone from 211.241.40.51
Apr  4 10:39:25 bms sshd[3898]: Illegal user extra from 211.241.40.51
Apr  4 10:39:28 bms sshd[3900]: Illegal user network from 211.241.40.51
Apr  4 10:39:31 bms sshd[3902]: Illegal user audio from 211.241.40.51
Apr  4 10:39:34 bms sshd[3904]: Illegal user light from 211.241.40.51
Apr  4 10:39:37 bms sshd[3906]: Illegal user hide from 211.241.40.51
Apr  4 10:39:39 bms sshd[3908]: Illegal user clock from 211.241.40.51
Apr  4 10:39:42 bms sshd[3910]: Illegal user gsm from 211.241.40.51
Apr  4 10:39:45 bms sshd[3912]: Illegal user security from 211.241.40.51
Apr  4 10:39:48 bms sshd[3914]: Illegal user browser from 211.241.40.51
Apr  4 10:39:50 bms sshd[3916]: Illegal user delet from 211.241.40.51
Apr  4 10:39:53 bms sshd[3918]: Illegal user status from 211.241.40.51
Apr  4 10:39:57 bms sshd[3920]: Illegal user image from 211.241.40.51
Apr  4 10:40:00 bms sshd[3922]: Illegal user memo from 211.241.40.51
Apr  4 10:40:03 bms sshd[3924]: Illegal user setup from 211.241.40.51
Apr  4 10:40:05 bms sshd[3926]: Illegal user profile from 211.241.40.51
Apr  4 10:40:08 bms sshd[3928]: Illegal user inbox from 211.241.40.51
Apr  4 10:40:11 bms sshd[3930]: Illegal user task from 211.241.40.51
Apr  4 10:40:13 bms sshd[3932]: Illegal user alarm from 211.241.40.51
Apr  4 10:40:16 bms sshd[3934]: Illegal user call from 211.241.40.51
Apr  4 10:40:19 bms sshd[3936]: Illegal user mac from 211.241.40.51
Apr  4 10:40:21 bms sshd[3938]: Illegal user tone from 211.241.40.51
Apr  4 10:40:24 bms sshd[3940]: Illegal user alert from 211.241.40.51
Apr  4 10:40:27 bms sshd[3942]: Illegal user ring from 211.241.40.51
Apr  4 10:40:30 bms sshd[3944]: Illegal user trade from 211.241.40.51
Apr  4 10:40:33 bms sshd[3946]: Illegal user shell from 211.241.40.51
Apr  4 10:40:36 bms sshd[3948]: Illegal user default from 211.241.40.51
Apr  4 10:40:39 bms sshd[3950]: Illegal user reset from 211.241.40.51
Apr  4 10:40:41 bms sshd[3952]: Illegal user car from 211.241.40.51
Apr  4 10:40:44 bms sshd[3954]: Illegal user pin from 211.241.40.51
Apr  4 10:40:47 bms sshd[3956]: Illegal user privacy from 211.241.40.51
Apr  4 10:40:50 bms sshd[3958]: Illegal user empty from 211.241.40.51
Apr  4 10:40:52 bms sshd[3960]: Illegal user ident from 211.241.40.51
Apr  4 10:40:55 bms sshd[3962]: Illegal user auto from 211.241.40.51
Apr  4 10:40:58 bms sshd[3964]: Illegal user enter from 211.241.40.51
Apr  4 10:41:01 bms sshd[3966]: Illegal user gprs from 211.241.40.51
Apr  4 10:41:04 bms sshd[3968]: Illegal user sam from 211.241.40.51
Apr  4 10:41:07 bms sshd[3970]: Illegal user only from 211.241.40.51
Apr  4 10:41:10 bms sshd[3972]: Illegal user network from 211.241.40.51
Apr  4 10:41:13 bms sshd[3974]: Illegal user rat from 211.241.40.51
Apr  4 10:41:16 bms sshd[3976]: Illegal user alien from 211.241.40.51
Apr  4 10:41:19 bms sshd[3978]: Illegal user duck from 211.241.40.51
Apr  4 10:41:21 bms sshd[3980]: Illegal user witch from 211.241.40.51
Apr  4 10:41:24 bms sshd[3982]: Illegal user super from 211.241.40.51
Apr  4 10:41:27 bms sshd[3984]: Illegal user ritual from 211.241.40.51
Apr  4 10:41:30 bms sshd[3986]: Illegal user create from 211.241.40.51
Apr  4 10:41:32 bms sshd[3988]: Illegal user virtual from 211.241.40.51
Apr  4 10:41:35 bms sshd[3990]: Illegal user online from 211.241.40.51
Apr  4 10:41:38 bms sshd[3992]: Illegal user lotus from 211.241.40.51
Apr  4 10:41:43 bms sshd[3994]: Illegal user take from 211.241.40.51
Apr  4 10:41:46 bms sshd[3996]: Illegal user rock from 211.241.40.51
Apr  4 10:41:48 bms sshd[3998]: Illegal user lead from 211.241.40.51
Apr  4 10:41:51 bms sshd[4000]: Illegal user doc from 211.241.40.51
Apr  4 10:41:54 bms sshd[4002]: Illegal user data from 211.241.40.51
Apr  4 10:41:57 bms sshd[4004]: Illegal user menu from 211.241.40.51
Apr  4 10:42:00 bms sshd[4006]: Illegal user anl from 211.241.40.51
Apr  4 10:42:02 bms sshd[4008]: Illegal user combat from 211.241.40.51
Apr  4 10:42:05 bms sshd[4010]: Illegal user house from 211.241.40.51
Apr  4 10:42:07 bms sshd[4012]: Illegal user war from 211.241.40.51
Apr  4 10:42:10 bms sshd[4014]: Illegal user art from 211.241.40.51
Apr  4 10:42:13 bms sshd[4016]: Illegal user lucas from 211.241.40.51
Apr  4 10:42:15 bms sshd[4018]: Illegal user dvd from 211.241.40.51
Apr  4 10:42:18 bms sshd[4020]: Illegal user fire from 211.241.40.51
Apr  4 10:42:21 bms sshd[4022]: Illegal user clone from 211.241.40.51
Apr  4 10:42:23 bms sshd[4024]: Illegal user kid from 211.241.40.51
Apr  4 10:42:26 bms sshd[4026]: Illegal user kitty from 211.241.40.51
Apr  4 10:42:29 bms sshd[4028]: Illegal user sparc from 211.241.40.51
Apr  4 10:42:32 bms sshd[4030]: Illegal user wizard from 211.241.40.51
Apr  4 10:42:34 bms sshd[4032]: Illegal user fish from 211.241.40.51
Apr  4 10:42:38 bms sshd[4034]: Illegal user andrew from 211.241.40.51
Apr  4 10:42:41 bms sshd[4036]: Illegal user pretty from 211.241.40.51
Apr  4 10:42:44 bms sshd[4038]: Illegal user nice from 211.241.40.51
Apr  4 10:42:47 bms sshd[4040]: Illegal user bear from 211.241.40.51
Apr  4 10:42:49 bms sshd[4042]: Illegal user media from 211.241.40.51
Apr  4 10:42:52 bms sshd[4044]: Illegal user bomb from 211.241.40.51
Apr  4 10:42:55 bms sshd[4046]: Illegal user bcr from 211.241.40.51
Apr  4 10:42:57 bms sshd[4048]: Illegal user nightmare from 211.241.40.51
Apr  4 10:43:00 bms sshd[4050]: Illegal user slim from 211.241.40.51
Apr  4 10:43:03 bms sshd[4052]: Illegal user funny from 211.241.40.51
Apr  4 10:43:06 bms sshd[4054]: Illegal user bat from 211.241.40.51
Apr  4 10:43:08 bms sshd[4056]: Illegal user man from 211.241.40.51
Apr  4 10:43:11 bms sshd[4058]: Illegal user zoom from 211.241.40.51
Apr  4 10:43:14 bms sshd[4060]: Illegal user mole from 211.241.40.51
Apr  4 10:43:17 bms sshd[4062]: Illegal user flood from 211.241.40.51
Apr  4 10:43:19 bms sshd[4064]: Illegal user mother from 211.241.40.51
Apr  4 10:43:22 bms sshd[4066]: Illegal user diana from 211.241.40.51
Apr  4 10:43:25 bms sshd[4068]: Illegal user xpl from 211.241.40.51
Apr  4 10:43:28 bms sshd[4070]: Illegal user last from 211.241.40.51
Apr  4 10:43:30 bms sshd[4072]: Illegal user monk from 211.241.40.51
Apr  4 10:43:33 bms sshd[4074]: Illegal user enemy from 211.241.40.51
Apr  4 10:43:36 bms sshd[4076]: Illegal user music from 211.241.40.51
Apr  4 10:43:39 bms sshd[4078]: Illegal user cobra from 211.241.40.51
Apr  4 10:43:41 bms sshd[4080]: Illegal user xxl from 211.241.40.51
Apr  4 10:43:44 bms sshd[4082]: Illegal user girl from 211.241.40.51
Apr  4 10:43:47 bms sshd[4084]: Illegal user putty from 211.241.40.51
Apr  4 10:43:50 bms sshd[4086]: Illegal user euro from 211.241.40.51
Apr  4 10:43:53 bms sshd[4088]: Illegal user flag from 211.241.40.51
Apr  4 10:43:56 bms sshd[4090]: Illegal user pistol from 211.241.40.51
Apr  4 10:43:59 bms sshd[4092]: Illegal user gun from 211.241.40.51
Apr  4 10:44:02 bms sshd[4094]: Illegal user blind from 211.241.40.51
Apr  4 10:44:04 bms sshd[4096]: Illegal user sir from 211.241.40.51
Apr  4 10:44:07 bms sshd[4098]: Illegal user safe from 211.241.40.51
Apr  4 10:44:10 bms sshd[4100]: Illegal user anti from 211.241.40.51
Apr  4 10:44:15 bms sshd[4102]: Illegal user stop from 211.241.40.51
Apr  4 10:44:23 bms sshd[4104]: Illegal user queen from 211.241.40.51
Apr  4 10:44:25 bms sshd[4106]: Illegal user king from 211.241.40.51
Apr  4 10:44:28 bms sshd[4108]: Illegal user elisabeth from 211.241.40.51
Apr  4 10:44:31 bms sshd[4110]: Illegal user stone from 211.241.40.51
Apr  4 10:44:33 bms sshd[4112]: Illegal user nexus from 211.241.40.51
Apr  4 10:44:36 bms sshd[4114]: Illegal user optic from 211.241.40.51
Apr  4 10:44:39 bms sshd[4116]: Illegal user diablo from 211.241.40.51
Apr  4 10:44:42 bms sshd[4118]: Illegal user red from 211.241.40.51
Apr  4 10:44:44 bms sshd[4120]: Illegal user blue from 211.241.40.51
Apr  4 10:44:47 bms sshd[4122]: Illegal user sparky from 211.241.40.51
Apr  4 10:44:50 bms sshd[4124]: Illegal user sergiu from 211.241.40.51
Apr  4 10:44:52 bms sshd[4126]: Illegal user quad from 211.241.40.51
Apr  4 10:44:55 bms sshd[4128]: Illegal user danger from 211.241.40.51
Apr  4 10:44:58 bms sshd[4130]: Illegal user sun from 211.241.40.51
Apr  4 10:45:01 bms sshd[4132]: Illegal user net from 211.241.40.51
Apr  4 10:45:03 bms sshd[4134]: Illegal user sony from 211.241.40.51
Apr  4 10:45:06 bms sshd[4136]: Illegal user pionner from 211.241.40.51
Apr  4 10:45:08 bms sshd[4138]: Illegal user hat from 211.241.40.51
Apr  4 10:45:11 bms sshd[4140]: Illegal user audi from 211.241.40.51
Apr  4 10:45:13 bms sshd[4142]: Illegal user bmw from 211.241.40.51
Apr  4 10:45:16 bms sshd[4144]: Illegal user lake from 211.241.40.51
Apr  4 10:45:20 bms sshd[4146]: Illegal user book from 211.241.40.51
Apr  4 10:45:23 bms sshd[4148]: Illegal user dennis from 211.241.40.51
Apr  4 10:45:26 bms sshd[4150]: Illegal user nec from 211.241.40.51
Apr  4 10:45:28 bms sshd[4152]: Illegal user flat from 211.241.40.51
Apr  4 10:45:31 bms sshd[4154]: Illegal user nuke from 211.241.40.51
Apr  4 10:45:34 bms sshd[4156]: Illegal user halo from 211.241.40.51
Apr  4 10:45:37 bms sshd[4158]: Illegal user sniper from 211.241.40.51
Apr  4 10:45:40 bms sshd[4160]: Illegal user clasic from 211.241.40.51
Apr  4 10:45:42 bms sshd[4162]: Illegal user proxy from 211.241.40.51
Apr  4 10:45:44 bms sshd[4164]: Illegal user list from 211.241.40.51
Apr  4 10:45:47 bms sshd[4166]: Illegal user click from 211.241.40.51
Apr  4 10:45:50 bms sshd[4168]: Illegal user legolas from 211.241.40.51
Apr  4 10:45:53 bms sshd[4170]: Illegal user lego from 211.241.40.51
Apr  4 10:45:56 bms sshd[4172]: Illegal user race from 211.241.40.51
Apr  4 10:45:59 bms sshd[4174]: Illegal user sandra from 211.241.40.51
Apr  4 10:46:01 bms sshd[4176]: Illegal user mig from 211.241.40.51
Apr  4 10:46:03 bms sshd[4178]: Illegal user host from 211.241.40.51
Apr  4 10:46:06 bms sshd[4180]: Illegal user testuser from 211.241.40.51
Apr  4 10:46:09 bms sshd[4182]: Illegal user zone from 211.241.40.51
Apr  4 10:46:11 bms sshd[4184]: Illegal user pop from 211.241.40.51
Apr  4 10:46:14 bms sshd[4186]: Illegal user smtp from 211.241.40.51
Apr  4 10:46:16 bms sshd[4188]: Illegal user bonnie from 211.241.40.51
Apr  4 10:46:19 bms sshd[4190]: Illegal user frances from 211.241.40.51
Apr  4 10:46:21 bms sshd[4192]: Illegal user danielle from 211.241.40.51
Apr  4 10:46:24 bms sshd[4194]: Illegal user ivan from 211.241.40.51
Apr  4 10:46:27 bms sshd[4196]: Illegal user karl from 211.241.40.51
Apr  4 10:46:30 bms sshd[4198]: Illegal user paula from 211.241.40.51
Apr  4 10:46:32 bms sshd[4200]: Illegal user otto from 211.241.40.51
Apr  4 10:46:35 bms sshd[4202]: Illegal user virgine from 211.241.40.51
Apr  4 10:46:38 bms sshd[4204]: Illegal user bret from 211.241.40.51
Apr  4 10:46:41 bms sshd[4206]: Illegal user dennis from 211.241.40.51
Apr  4 10:46:43 bms sshd[4208]: Illegal user jose from 211.241.40.51
Apr  4 10:46:46 bms sshd[4210]: Illegal user stan from 211.241.40.51
Apr  4 10:46:49 bms sshd[4212]: Illegal user lee from 211.241.40.51
Apr  4 10:46:51 bms sshd[4214]: Illegal user nadin from 211.241.40.51
Apr  4 10:46:55 bms sshd[4216]: Illegal user tony from 211.241.40.51
Apr  4 10:46:58 bms sshd[4218]: Illegal user barry from 211.241.40.51
Apr  4 10:47:00 bms sshd[4220]: Illegal user vicky from 211.241.40.51
Apr  4 10:47:03 bms sshd[4222]: Illegal user bill from 211.241.40.51
Apr  4 10:47:06 bms sshd[4224]: Illegal user larry from 211.241.40.51
Apr  4 10:47:08 bms sshd[4226]: Illegal user rose from 211.241.40.51
Apr  4 10:47:11 bms sshd[4228]: Illegal user wanda from 211.241.40.51
Apr  4 10:47:13 bms sshd[4230]: Illegal user jerry from 211.241.40.51
Apr  4 10:47:16 bms sshd[4232]: Illegal user mirna from 211.241.40.51
Apr  4 10:47:19 bms sshd[4234]: Illegal user milena from 211.241.40.51
Apr  4 10:47:24 bms sshd[4236]: Failed password for adm from 211.241.40.51 port 44296 ssh2
Apr  4 10:47:27 bms sshd[4238]: Illegal user yahoo from 211.241.40.51
Apr  4 10:47:29 bms sshd[4240]: Illegal user unknown from 211.241.40.51
Apr  4 10:47:32 bms sshd[4242]: Illegal user blues from 211.241.40.51
Apr  4 10:47:35 bms sshd[4244]: Illegal user paris from 211.241.40.51
Apr  4 10:47:37 bms sshd[4246]: Illegal user warez from 211.241.40.51
Apr  4 10:47:40 bms sshd[4248]: Illegal user quantum from 211.241.40.51
Apr  4 10:47:42 bms sshd[4250]: Illegal user local from 211.241.40.51
Apr  4 10:47:45 bms sshd[4252]: Illegal user roman from 211.241.40.51
Apr  4 10:47:48 bms sshd[4254]: Illegal user abuse from 211.241.40.51
Apr  4 10:47:51 bms sshd[4256]: Illegal user travel from 211.241.40.51
Apr  4 10:47:53 bms sshd[4258]: Illegal user ural from 211.241.40.51
Apr  4 10:47:56 bms sshd[4260]: Illegal user igor from 211.241.40.51
Apr  4 10:47:58 bms sshd[4262]: Illegal user dima from 211.241.40.51
Apr  4 10:48:01 bms sshd[4264]: Illegal user slash from 211.241.40.51
Apr  4 10:48:04 bms sshd[4266]: Illegal user plugin from 211.241.40.51
Apr  4 10:48:06 bms sshd[4268]: Illegal user ako from 211.241.40.51
Apr  4 10:48:09 bms sshd[4270]: Illegal user harris from 211.241.40.51
Apr  4 10:48:11 bms sshd[4272]: Illegal user dead from 211.241.40.51
Apr  4 10:48:14 bms sshd[4274]: Illegal user wap from 211.241.40.51
Apr  4 10:48:17 bms sshd[4276]: Illegal user lord from 211.241.40.51
Apr  4 10:48:19 bms sshd[4278]: Illegal user preview from 211.241.40.51
Apr  4 10:48:22 bms sshd[4280]: Illegal user wave from 211.241.40.51
Apr  4 10:48:25 bms sshd[4282]: Illegal user castle from 211.241.40.51
Apr  4 10:48:27 bms sshd[4284]: Illegal user protect from 211.241.40.51
Apr  4 10:48:30 bms sshd[4286]: Illegal user robison from 211.241.40.51
Apr  4 10:48:33 bms sshd[4288]: Illegal user liba from 211.241.40.51
Apr  4 10:48:35 bms sshd[4290]: Illegal user pavel from 211.241.40.51
Apr  4 10:48:38 bms sshd[4292]: Illegal user peter from 211.241.40.51
Apr  4 10:48:41 bms sshd[4294]: Illegal user film from 211.241.40.51
Apr  4 10:48:43 bms sshd[4296]: Illegal user namor from 211.241.40.51
Apr  4 10:48:46 bms sshd[4298]: Illegal user cian from 211.241.40.51
Apr  4 10:48:49 bms sshd[4300]: Illegal user fast from 211.241.40.51
Apr  4 10:48:52 bms sshd[4302]: Illegal user caterina from 211.241.40.51
Apr  4 10:48:55 bms sshd[4304]: Illegal user design from 211.241.40.51
Apr  4 10:48:57 bms sshd[4306]: Illegal user mave from 211.241.40.51
Apr  4 10:49:00 bms sshd[4308]: Illegal user ice from 211.241.40.51
Apr  4 10:49:03 bms sshd[4310]: Illegal user tnt from 211.241.40.51
Apr  4 10:49:06 bms sshd[4312]: Illegal user sensor from 211.241.40.51
Apr  4 10:49:09 bms sshd[4314]: Illegal user frank from 211.241.40.51
Apr  4 10:49:11 bms sshd[4316]: Illegal user christian from 211.241.40.51
Apr  4 10:49:14 bms sshd[4318]: Illegal user markus from 211.241.40.51
Apr  4 10:49:17 bms sshd[4320]: Illegal user doro from 211.241.40.51
Apr  4 16:21:23 bms sshd[4365]: Illegal user test from 84.16.136.66
Apr  4 16:21:30 bms sshd[4367]: Illegal user guest from 84.16.136.66
Apr  4 16:21:36 bms sshd[4369]: Illegal user admin from 84.16.136.66
Apr  4 16:21:47 bms sshd[4371]: Did not receive identification string from 84.16.136.66
Apr  5 07:00:02 bms sshd[3300]: Received signal 15; terminating.
Apr  5 07:01:41 bms sshd[3303]: Server listening on 0.0.0.0 port 22.
Apr  5 08:50:32 bms sshd[3528]: Accepted password for root from 172.19.202.161 port 1030 ssh2
Apr  5 14:54:48 bms sshd[3599]: Accepted password for root from 172.19.202.161 port 1957 ssh2
Apr  5 15:32:35 bms sshd[3644]: Accepted password for root from 172.19.202.161 port 2240 ssh2
Apr  5 17:15:58 bms sshd[3699]: Accepted password for root from 172.19.202.161 port 1102 ssh2
Apr  6 07:00:02 bms sshd[3303]: Received signal 15; terminating.
Apr  6 07:01:40 bms sshd[3303]: Server listening on 0.0.0.0 port 22.
Apr  6 07:46:07 bms sshd[3524]: Did not receive identification string from 80.76.207.25
Apr  6 08:41:00 bms sshd[3529]: Accepted password for root from 172.19.202.161 port 1035 ssh2
Apr  6 11:59:13 bms sshd[3606]: Accepted password for root from 172.19.202.161 port 1645 ssh2
Apr  6 14:58:36 bms sshd[3663]: Accepted password for root from 172.19.201.169 port 32865 ssh2
Apr  6 16:19:22 bms sshd[3726]: Accepted password for root from 172.19.202.161 port 2954 ssh2
Apr  6 16:49:26 bms sshd[3789]: Accepted password for root from 172.19.202.161 port 3046 ssh2
Apr  6 16:57:46 bms sshd[3848]: Accepted password for root from 172.19.202.161 port 3061 ssh2
Apr  6 17:05:36 bms sshd[3892]: Accepted password for root from 172.19.202.161 port 3077 ssh2
Apr  7 07:00:02 bms sshd[3303]: Received signal 15; terminating.
Apr  7 07:01:38 bms sshd[3300]: Server listening on 0.0.0.0 port 22.
Apr  7 08:35:29 bms sshd[3525]: Accepted password for root from 172.19.202.161 port 1097 ssh2
[root@bms log]#

作者: lzj_linux 时间: 2005-04-07 09:46
标题: LINUX连接外网的安全问题
这现象很正常，我的RHEL也是
所以我们才需要firewall
不过firewall并不是绝对安全，好的维护策略才重要哦

作者: platinum 时间: 2005-04-07 09:56
标题: LINUX连接外网的安全问题
限制ssh的来源地址是不错的方法

作者: lzj_linux 时间: 2005-04-07 10:15
标题: LINUX连接外网的安全问题
[quote]原帖由 "platinum"]限制ssh的来源地址是不错的方法[/quote 发表：

呵呵，我就是这样做的
只能从我们公司的IP SSH过去 :em11:
不过这样有时候也有矛盾，就是要连过去只能在公司了

作者: platinum 时间: 2005-04-07 10:18
标题: LINUX连接外网的安全问题
我做的是动态域名解析
-s xxx.3322.org
这个规则每分钟刷一次，如果远程IP变了，xxx.3322.org也会跟着变，那么这里的-s 地址也会跟着变
除非
1、3322.org的服务坏了
2、有人窃取了我3322.org动态域名的帐号密码，并修改为他的地址，并知道ssh的帐号密码

作者: lzj_linux 时间: 2005-04-07 10:31
标题: LINUX连接外网的安全问题

原帖由 "platinum" 发表：
我做的是动态域名解析
-s xxx.3322.org
这个规则每分钟刷一次，如果远程IP变了，xxx.3322.org也会跟着变，那么这里的-s 地址也会跟着变
除非
1、3322.org的服务坏了
2、有人窃取了我3322.org动态域名的帐号密码..........

老大就是厉害
有空也去研究做做

作者: zhouw68 时间: 2005-04-07 11:53
标题: LINUX连接外网的安全问题
你们都是技术高手，牛人，没的说。我的意思是通过安全日志文件，发现了很多有趣的事情：谁（韩国人）在危害网络的安全，方法，手段，谁的水平高。还有就是网络攻击不过如此，没有什么神秘。通过检查安全日志文件，可以为自己的工作提供改善思路。
谢谢你们提供的思想。

作者: platinum 时间: 2005-04-07 12:19
标题: LINUX连接外网的安全问题
不是韩国的水平高，正相反，是韩国的水平低
韩国的肉鸡最多，我认识一个任手里有几十个韩国肉鸡地址，随时随意可以发起攻击，他们还经常用肉鸡给自己架站，省得租用空间了

作者: cuci 时间: 2005-04-07 12:23
标题: LINUX连接外网的安全问题

原帖由 "lzj_linux" 发表：

呵呵，我就是这样做的
只能从我们公司的IP SSH过去 :em11:
不过这样有时候也有矛盾，就是要连过去只能在公司了

如果服务器有问题可就麻烦了，还得去公司，其实最好是能登陆对MAC作检查，但是没能研究出来

作者: platinum 时间: 2005-04-07 12:38
标题: LINUX连接外网的安全问题

原帖由 "cuci" 发表：

如果服务器有问题可就麻烦了，还得去公司，其实最好是能登陆对MAC作检查，但是没能研究出来

MAC地址是二层的东西，是不过路由的，你的想法在internet上无法实现

作者: lzj_linux 时间: 2005-04-07 12:46
标题: LINUX连接外网的安全问题

原帖由 "cuci" 发表：

如果服务器有问题可就麻烦了，还得去公司，其实最好是能登陆对MAC作检查，但是没能研究出来

是啊，要是iptables的netfilter支持这样的语句多好啊：
iptables -t net -A PROROUTING -p tcp -m mac --mac:00.0f.7r.xx.xx.xx --dport 22 -j ACCEPT

多好啊

作者: zhouw68 时间: 2005-04-07 12:48
标题: LINUX连接外网的安全问题

原帖由 "platinum" 发表：
不是韩国的水平高，正相反，是韩国的水平低
韩国的肉鸡最多，我认识一个任手里有几十个韩国肉鸡地址，随时随意可以发起攻击，他们还经常用肉鸡给自己架站，省得租用空间了

思路有问题：肉鸡多，是管理人的水平不高。不能得出韩国的攻击水平低。
管理人和攻击人有区别。
攻击人水平高低要看日志。
谢谢。

作者: platinum 时间: 2005-04-07 13:03
标题: LINUX连接外网的安全问题
你曲解了我的意思

我没说“韩国的攻击水平低”，我说“不是韩国的水平高，正相反，是韩国的水平低”，没说攻击水平

至于韩国的攻击水平如何，我就不知道了
反正我知道如果真的很高，你早就被黑了，而且日志也看不到
扫描、试密码，这个谁都会！

作者: 双眼皮的猪 时间: 2005-04-07 13:16
标题: LINUX连接外网的安全问题

原帖由 "lzj_linux" 发表：

是啊，要是iptables的netfilter支持这样的语句多好啊：
iptables -t net -A PROROUTING -p tcp -m mac --mac:00.0f.7r.xx.xx.xx --dport 22 -j ACCEPT

多好啊

可以支持对mac进行限制,但是在mac地址上做文章完全不可能...
platinum已经说过了...而且原来也回答过cuci的帖子...
我觉得提出这个问题的朋友需要先了解一下tcpip几个层...
这个想法在理论上就是错误的...

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)