论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2006-08-15 03:57 |只看该作者 |倒序浏览

我是新手，请教一下：
什么时候用IPFILTER (IPF) ？什么时候用IPFIREWALL (IPFW) ？

另外：我想查看以往曾经输入过的命令和操作，就用lastcomm -f acct.0，但显示内容如下：
sh             -    root          ttyp0    0.00 secs Tue Aug 15 03:33
more          -    root          ttyp0    0.00 secs Tue Aug 15 03:33
zcat          -    root          ttyp0    0.00 secs Tue Aug 15 03:33
sh             -    root          ttyp0    0.00 secs Tue Aug 15 03:33
sh             -F    root          ttyp0    0.00 secs Tue Aug 15 03:33
col             -    root          ttyp0    0.00 secs Tue Aug 15 03:33
groff          -    root          ttyp0    0.00 secs Tue Aug 15 03:33
grotty          -    root          ttyp0    0.00 secs Tue Aug 15 03:33
troff          -    root          ttyp0    0.05 secs Tue Aug 15 03:33
tbl             -    root          ttyp0    0.00 secs Tue Aug 15 03:33
zcat          -    root          ttyp0    0.00 secs Tue Aug 15 03:33
man             -    root          ttyp0    0.02 secs Tue Aug 15 03:33
cron          -F    root          __       0.00 secs Tue Aug 15 03:33
sh             -    operator       __       0.00 secs Tue Aug 15 03:33
sh             -    operator       __       0.00 secs Tue Aug 15 03:33
dd             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
mv             -    operator       __       0.00 secs Tue Aug 15 03:33
rm             -    operator       __       0.00 secs Tue Aug 15 03:33
jot             -    operator       __       0.00 secs Tue Aug 15 03:33
……
基本上都不是我输入的命令，是不是我的命令（例如fetch http://www.abc.com/abc.zip）被拆解成n个内部操作了？

而我用history查看时，就更离谱了，不但没有我输入的类似fetch http://www.abc.com/abc.zip的命令，而且中间还少了好几天的命令（虽然history只显示时间不显示日期，但我前两天输入的一个都没有，反倒以前的有些命令还在），是我用法错误？还是被人修改过呢？

文库|博客

HonestQiao

版主

论坛徽章:: 1

2楼 [报告]

发表于 2006-08-15 09:01 |只看该作者

http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/
看ipf和ipfw，基本上没有说必须选择谁的理由．

看看auth的日志里面说了什么啊．

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

iamrch

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2006-08-15 16:23 |只看该作者

auth里面很多内容，还没看完，但发现一些尝试性的连接：

Aug 15 07:45:40 hello sshd[1162]: Did not receive identification string from 218.91.233.19
Aug 15 07:45:40 hello sshd[1163]: Did not receive identification string from 218.91.233.19
Aug 15 07:50:28 hello sshd[1167]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:28 hello sshd[1168]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:29 hello sshd[1171]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:29 hello sshd[1173]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:29 hello sshd[1175]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:30 hello sshd[1177]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:30 hello sshd[1179]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:30 hello sshd[1181]: Invalid user !@#$%^" from 218.91.233.19
Aug 15 07:50:32 hello sshd[1199]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:33 hello sshd[1201]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:33 hello sshd[1203]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:33 hello sshd[1205]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:33 hello sshd[1207]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:34 hello sshd[1209]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:34 hello sshd[1211]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:34 hello sshd[1213]: Invalid user #jaime56 from 218.91.233.19
Aug 15 07:50:36 hello sshd[1229]: Invalid user * from 218.91.233.19
Aug 15 07:50:37 hello sshd[1233]: Invalid user * from 218.91.233.19
Aug 15 07:50:37 hello sshd[1235]: Invalid user * from 218.91.233.19
Aug 15 07:50:37 hello sshd[1237]: Invalid user * from 218.91.233.19
Aug 15 07:50:38 hello sshd[1241]: Invalid user * from 218.91.233.19
Aug 15 07:50:40 hello sshd[1251]: Invalid user @#$%^& from 218.91.233.19
Aug 15 07:50:40 hello sshd[1253]: Invalid user @#$%^& from 218.91.233.19
Aug 15 07:50:41 hello sshd[1255]: Invalid user @#$%^& from 218.91.233.19
Aug 15 07:50:41 hello sshd[1257]: Invalid user @#$%^& from 218.91.233.19
Aug 15 07:50:44 hello sshd[1267]: Invalid user a from 218.91.233.19
Aug 15 07:50:44 hello sshd[1269]: Invalid user a from 218.91.233.19
Aug 15 07:50:45 hello sshd[1271]: Invalid user a from 218.91.233.19
Aug 15 07:50:45 hello sshd[1273]: Invalid user a from 218.91.233.19
Aug 15 07:50:51 hello sshd[1283]: Invalid user aa from 218.91.233.19
Aug 15 07:50:51 hello sshd[1285]: Invalid user aa from 218.91.233.19
Aug 15 07:50:52 hello sshd[1287]: Invalid user aa from 218.91.233.19
Aug 15 07:50:52 hello sshd[1289]: Invalid user aa from 218.91.233.19
Aug 15 07:50:52 hello sshd[1239]: Invalid user * from 218.91.233.19
Aug 15 07:50:54 hello sshd[1299]: Invalid user aaa from 218.91.233.19
Aug 15 07:50:55 hello sshd[1301]: Invalid user aaa from 218.91.233.19
Aug 15 07:50:55 hello sshd[1303]: Invalid user aaa from 218.91.233.19
Aug 15 07:50:56 hello sshd[1305]: Invalid user aaa from 218.91.233.19
Aug 15 07:50:58 hello sshd[1315]: Invalid user aaaaaa from 218.91.233.19
……
……
Aug 15 07:52:16 hello sshd[1641]: Invalid user aaheim from 218.91.233.19
Aug 15 07:52:19 hello sshd[1651]: Invalid user aake from 218.91.233.19
Aug 15 07:52:34 hello sshd[1653]: Invalid user aake from 218.91.233.19
……

好像在穷举……

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

HonestQiao

版主

论坛徽章:: 1

4楼 [报告]

发表于 2006-08-15 16:28 |只看该作者

有没有举出来的记录？

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

iamrch

白手起家

论坛徽章:: 0

5楼 [报告]

发表于 2006-08-15 16:49 |只看该作者

看了看以前的，还有一些穷举：

Jul 29 20:51:48 hello sshd[14826]: Did not receive identification string from 65.19.178.127
Jul 29 20:51:48 hello sshd[14827]: Did not receive identification string from 65.19.178.127
Jul 29 20:58:58 hello sshd[14862]: Did not receive identification string from 65.19.178.127
Jul 29 20:59:02 hello sshd[14865]: Invalid user admin from 65.19.178.127
Jul 29 20:59:05 hello sshd[14867]: Invalid user test from 65.19.178.127
Jul 29 20:59:08 hello sshd[14869]: Invalid user testing from 65.19.178.127
Jul 29 20:59:11 hello sshd[14871]: Invalid user tester from 65.19.178.127
Jul 29 20:59:15 hello sshd[14873]: Invalid user academy from 65.19.178.127
Jul 29 20:59:19 hello sshd[14875]: Invalid user protector from 65.19.178.127
Jul 29 20:59:25 hello sshd[14881]: Did not receive identification string from 65.19.178.127

……

Aug  4 02:42:57 hello sshd[47573]: Invalid user lpd from 82.165.182.231
Aug  4 02:43:03 hello sshd[47581]: Invalid user admin from 82.165.182.231
Aug  4 02:43:11 hello sshd[47594]: Invalid user ftpuser from 82.165.182.231
Aug  4 02:43:33 hello sshd[47623]: Invalid user mailtest from 82.165.182.231
Aug  4 02:43:51 hello sshd[47645]: Invalid user testuser from 82.165.182.231
Aug  4 02:44:08 hello sshd[47682]: Invalid user sales from 82.165.182.231
Aug  4 02:44:28 hello sshd[47712]: Invalid user postgres from 82.165.182.231
Aug  4 02:45:01 hello sshd[47758]: Invalid user adm from 82.165.182.231
Aug  4 02:45:25 hello sshd[47793]: Invalid user student from 82.165.182.231
Aug  4 02:45:43 hello sshd[47819]: Invalid user service from 82.165.182.231
Aug  4 02:46:18 hello sshd[47867]: Invalid user user from 82.165.182.231
Aug  4 02:46:36 hello sshd[47893]: Invalid user guest from 82.165.182.231
Aug  4 02:47:17 hello sshd[47947]: Invalid user ftp from 82.165.182.231
Aug  4 02:47:38 hello sshd[47977]: Invalid user oracle from 82.165.182.231
Aug  4 02:47:55 hello sshd[48001]: Invalid user info from 82.165.182.231
Aug  4 02:48:15 hello sshd[48029]: Invalid user temp from 82.165.182.231
Aug  4 02:48:35 hello sshd[48059]: Invalid user office from 82.165.182.231
Aug  4 02:48:56 hello sshd[48087]: Invalid user public from 82.165.182.231
Aug  4 02:49:13 hello sshd[48111]: Invalid user webadmin from 82.165.182.231
Aug  4 02:49:40 hello sshd[48145]: Invalid user webmaster from 82.165.182.231
Aug  4 02:49:52 hello sshd[48161]: Invalid user apache from 82.165.182.231
Aug  4 02:50:09 hello sshd[48188]: Invalid user fax from 82.165.182.231
Aug  4 02:50:35 hello sshd[48226]: Invalid user steven from 82.165.182.231
Aug  4 02:50:57 hello sshd[48252]: Invalid user mark from 82.165.182.231
Aug  4 02:51:53 hello sshd[48326]: Invalid user dave from 82.165.182.231
Aug  4 02:51:53 hello sshd[48328]: Invalid user david from 82.165.182.231
Aug  4 02:52:15 hello sshd[48356]: Invalid user kevin from 82.165.182.231
Aug  4 02:52:50 hello sshd[48404]: Invalid user susan from 82.165.182.231
Aug  4 02:52:58 hello sshd[48414]: Invalid user mail from 82.165.182.231
Aug  4 02:53:15 hello sshd[48434]: Invalid user client from 82.165.182.231
Aug  4 02:53:51 hello sshd[48480]: Invalid user patrick from 82.165.182.231
Aug  4 02:54:11 hello sshd[48504]: Invalid user mike from 82.165.182.231
Aug  4 02:54:36 hello sshd[48532]: Invalid user richard from 82.165.182.231
Aug  4 02:55:00 hello sshd[48566]: Invalid user linda from 82.165.182.231
Aug  4 02:55:14 hello sshd[48602]: Invalid user james from 82.165.182.231
Aug  4 02:55:44 hello sshd[48644]: Invalid user robert from 82.165.182.231
Aug  4 02:55:53 hello sshd[48655]: Invalid user john from 82.165.182.231
Aug  4 02:56:13 hello sshd[48683]: Invalid user alex from 82.165.182.231

……