[Tecnica] brute-force attack

Freeze NorthPole freeze782 at gmail.com
Thu 11 Oct 2012 09:22:07 BST


Sorry, you're right.
I didn't notice anything; I only received this email:


---mail ---
You are receiving this email as our automated intrusion detection has
picked up information below that leads us to believe an IP address in
your netblock is attempting to infiltrate our server. Its IP is:
86.109.160.33.

 Due to this behaviour we have automatically put an IP block in place
prohibiting all traffic from that address. If you feel this is in
error then please reply to this email and we will look into it in due
course.

Regards,

TusProfesionales Support

The current machine timezone is recorded as CET +1


Oct 10 20:55:10 correo sshd[1520]: Failed password for root from
78.46.229.107 port 59234 ssh2
Oct 10 20:55:13 correo sshd[1817]: Failed password for root from
78.46.229.107 port 59581 ssh2
Oct 10 20:55:15 correo sshd[2179]: Failed password for root from
78.46.229.107 port 59921 ssh2
Oct 10 20:55:18 correo sshd[2362]: Failed password for root from
78.46.229.107 port 60266 ssh2
Oct 10 20:55:21 correo sshd[2422]: Failed password for root from
78.46.229.107 port 60588 ssh2
Oct 10 20:55:23 correo sshd[2480]: Failed password for root from
78.46.229.107 port 60902 ssh2
Oct 10 20:55:26 correo sshd[2562]: Failed password for root from
78.46.229.107 port 32975 ssh2
Oct 10 20:55:29 correo sshd[2608]: Failed password for root from
78.46.229.107 port 33281 ssh2
Oct 10 20:55:32 correo sshd[2632]: Failed password for root from
78.46.229.107 port 33605 ssh2
Oct 10 20:55:35 correo sshd[2636]: Failed password for root from
78.46.229.107 port 33913 ssh2
Oct 10 20:55:38 correo sshd[2638]: Failed password for root from
78.46.229.107 port 34369 ssh2
Oct 10 20:55:41 correo sshd[2640]: Failed password for root from
78.46.229.107 port 34670 ssh2
Oct 10 20:55:44 correo sshd[2644]: Failed password for root from
78.46.229.107 port 34984 ssh2
Oct 10 20:55:44 correo sshd[2651]: Invalid user oracle from 78.46.229.107
Oct 10 20:55:46 correo sshd[2651]: Failed password for invalid user
oracle from 78.46.229.107 port 35305 ssh2
Oct 10 20:55:47 correo sshd[2659]: Invalid user test from 78.46.229.107
Oct 10 20:55:49 correo sshd[2659]: Failed password for invalid user
test from 78.46.229.107 port 35637 ssh2
Oct 10 20:55:52 correo sshd[2668]: Failed password for root from
78.46.229.107 port 35943 ssh2
Oct 10 20:55:54 correo sshd[2689]: Failed password for root from
78.46.229.107 port 36265 ssh2
Oct 10 20:55:57 correo sshd[2697]: Failed password for root from
78.46.229.107 port 36583 ssh2
Oct 10 20:56:00 correo sshd[2700]: Failed password for root from
78.46.229.107 port 36892 ssh2
Oct 10 20:56:03 correo sshd[2702]: Failed password for root from
78.46.229.107 port 37204 ssh2
Oct 10 20:56:05 correo sshd[2704]: Failed password for root from
78.46.229.107 port 37500 ssh2
Oct 10 20:56:06 correo sshd[2706]: Invalid user teamspeak from 78.46.229.107
Oct 10 20:56:08 correo sshd[2706]: Failed password for invalid user
teamspeak from 78.46.229.107 port 37800 ssh2
Oct 10 20:56:08 correo sshd[2709]: Invalid user teamspeak from 78.46.229.107
Oct 10 20:56:11 correo sshd[2709]: Failed password for invalid user
teamspeak from 78.46.229.107 port 38113 ssh2
Oct 10 20:56:11 correo sshd[2712]: Invalid user nagios from 78.46.229.107
Oct 10 20:56:13 correo sshd[2712]: Failed password for invalid user
nagios from 78.46.229.107 port 38414 ssh2
Oct 10 20:56:14 correo sshd[2715]: Invalid user postgres from 78.46.229.107
Oct 10 20:56:16 correo sshd[2715]: Failed password for invalid user
postgres from 78.46.229.107 port 38713 ssh2
Oct 10 20:56:19 correo sshd[2717]: Failed password for root from
78.46.229.107 port 39030 ssh2
Oct 10 20:56:22 correo sshd[2719]: Failed password for root from
78.46.229.107 port 39342 ssh2
Oct 10 20:56:24 correo sshd[2721]: Failed password for root from
78.46.229.107 port 39647 ssh2
Oct 10 20:56:27 correo sshd[2723]: Failed password for root from
78.46.229.107 port 39962 ssh2
Oct 10 20:56:30 correo sshd[2727]: Failed password for root from
78.46.229.107 port 40261 ssh2
Oct 10 20:56:32 correo sshd[2729]: Failed password for root from
78.46.229.107 port 40567 ssh2
Oct 10 20:56:35 correo sshd[2731]: Failed password for root from
78.46.229.107 port 40868 ssh2
Oct 10 20:56:39 correo sshd[2734]: Failed password for root from
78.46.229.107 port 41180 ssh2
Oct 10 20:56:42 correo sshd[2736]: Failed password for root from
78.46.229.107 port 41596 ssh2
Oct 10 20:56:44 correo sshd[2740]: Failed password for root from
78.46.229.107 port 41902 ssh2
Oct 10 20:56:47 correo sshd[2742]: Failed password for root from
78.46.229.107 port 42205 ssh2
Oct 10 20:56:50 correo sshd[2744]: Failed password for root from
78.46.229.107 port 42523 ssh2
Oct 10 20:56:52 correo sshd[2746]: Failed password for root from
78.46.229.107 port 42840 ssh2
Oct 10 20:56:55 correo sshd[2748]: Failed password for root from
78.46.229.107 port 43137 ssh2
Oct 10 20:56:58 correo sshd[2750]: Failed password for root from
78.46.229.107 port 43454 ssh2
Oct 10 20:57:01 correo sshd[2753]: Failed password for root from
78.46.229.107 port 43762 ssh2
Oct 10 20:57:03 correo sshd[2755]: Failed password for root from
78.46.229.107 port 44064 ssh2
Oct 10 20:57:06 correo sshd[2757]: Failed password for root from
78.46.229.107 port 44363 ssh2
Oct 10 20:57:09 correo sshd[2759]: Failed password for root from
78.46.229.107 port 44684 ssh2
Oct 10 20:57:11 correo sshd[2761]: Failed password for root from
78.46.229.107 port 45015 ssh2
Oct 10 20:57:16 correo sshd[2763]: Failed password for root from
78.46.229.107 port 45345 ssh2
Oct 10 20:57:19 correo sshd[2766]: Failed password for root from
78.46.229.107 port 45932 ssh2
Oct 10 20:57:22 correo sshd[2768]: Failed password for root from
78.46.229.107 port 46258 ssh2
Oct 10 20:57:25 correo sshd[2770]: Failed password for root from
78.46.229.107 port 46581 ssh2
Oct 10 20:57:27 correo sshd[2772]: Failed password for root from
78.46.229.107 port 46907 ssh2
Oct 10 20:57:30 correo sshd[2776]: Failed password for root from
78.46.229.107 port 47253 ssh2
Oct 10 20:57:33 correo sshd[2779]: Failed password for root from
78.46.229.107 port 47587 ssh2
Oct 10 20:57:36 correo sshd[2781]: Failed password for root from
78.46.229.107 port 47946 ssh2
Oct 10 20:57:38 correo sshd[2783]: Failed password for root from
78.46.229.107 port 48260 ssh2
Oct 10 20:57:41 correo sshd[2785]: Failed password for root from
78.46.229.107 port 48587 ssh2
Oct 10 20:57:44 correo sshd[2787]: Failed password for root from
78.46.229.107 port 48928 ssh2
Oct 10 20:57:47 correo sshd[2791]: Failed password for root from
78.46.229.107 port 49270 ssh2
Oct 10 20:57:49 correo sshd[2793]: Failed password for root from
78.46.229.107 port 49600 ssh2

2012/10/11 Paolo Sammicheli <xdatap1 at siena.linux.it>:
> On 11/10/2012 09:58, Freeze NorthPole wrote:
>
>> Hi everyone,
>> just a few days ago I was asking you how to protect the server, and today
>> I am told of an attempted brute-force attack, and the provider is asking me:
>> - how it could have happened
>> - what measures to take to prevent it from happening again,
>
>
> Some more information, perhaps. On which port/protocol? What
> happened, did they get in? What problems did you encounter? Was there a DoS?
>
> Bye
> --
> Paolo Sammicheli
> Email: xdatap1(at)siena.linux.it
> Slug - Siena Linux User Group | http://www.siena.linux.it
> - Do what you like. Like what you do -
> _______________________________________________
> Tecnica mailing list
> Tecnica at liste.siena.linux.it
> http://liste.siena.linux.it/cgi-bin/mailman/listinfo/tecnica
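
The notification quoted above describes automated detection that blocks a source address after repeated failed SSH logins. The following shows that kind of check over the sshd line format seen in the log; it is an added example, not part of the original message or the provider's tooling. The threshold, window, year, function name and the sample lines (documentation addresses, one entry per line rather than hard-wrapped as in the archived mail) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Failed password" entry, including the "invalid user" variant.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample input (not taken from the log above).
SAMPLE = """\
Oct 10 20:55:10 host sshd[1520]: Failed password for root from 203.0.113.7 port 59234 ssh2
Oct 10 20:55:13 host sshd[1817]: Failed password for root from 203.0.113.7 port 59581 ssh2
Oct 10 20:55:14 host sshd[1900]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Oct 10 20:55:15 host sshd[2179]: Invalid user oracle from 203.0.113.7
Oct 10 20:55:16 host sshd[2179]: Failed password for invalid user oracle from 203.0.113.7 port 59921 ssh2
Oct 10 20:55:18 host sshd[2362]: Failed password for root from 203.0.113.7 port 60266 ssh2
Oct 10 20:55:21 host sshd[2422]: Failed password for invalid user test from 203.0.113.7 port 60588 ssh2
Oct 10 20:58:30 host sshd[2500]: Accepted password for alice from 198.51.100.20 port 40010 ssh2
""".splitlines()

def find_bruteforce(lines, threshold=5, window_s=60, year=2012):
    """Return {ip: {"first_hit": datetime, "users": set}} for sources that
    reach `threshold` failures inside any `window_s`-second span."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every account name it tried
    flagged = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue              # accepted logins, "Invalid user" notices, etc.
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {"first_hit": ts, "users": users[ip]}
    return flagged

if __name__ == "__main__":
    for ip, hit in find_bruteforce(SAMPLE).items():
        print(ip, hit["first_hit"], sorted(hit["users"]))
```

A single mistyped password from 198.51.100.20 stays below the threshold, while the source cycling through `root`, `oracle` and `test` is flagged on its fifth failure.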

