Domyślnie powinien on być wyłączony i dopiero Wasze celowe działanie powinno to zmieniać. Tak jest też w przypadku urządzenia, które ja posiadam tj. Synology RT2600ac.
Jednak około tygodnia temu korzystałem z pomocy supportu Synology i zostałem wtedy poproszony o włączenie zdalnego dostępu przez SSH ("Panel Sterowania" → menu "Usługi" → zakładka "System Services").
 |
| Opcja włączenia dostępu przez SSH w routerze Synology RT2600ac |
Wykonałem to i po kilku dniach mogłem bezpieczne ustawienia przywrócić z powrotem, ale zanim to uczyniłem spojrzałem w logi i to co tam zobaczyłem bardzo mnie zaskoczyło... a może i przeraziło...
Od momentu włączenia dostępu przez SSH do jego wyłączenia minęło około 10 dni.
W tym czasie w logach nazbierało się ponad 14 tysięcy prób zalogowania!
Zresztą popatrzcie sami jak wygląda log w trakcie pisania niniejszego tekstu. Ktoś ewidentnie leci atakiem brute-force w nadziei na złamanie hasła.W tym czasie w logach nazbierało się ponad 14 tysięcy prób zalogowania!
 |
| Nieudane prób logowania przez SSH |
Na szczęście używam silnych haseł i żadna z prób nie była udana, ale cała ta sytuacja spowodowała, że postanowiłem przeanalizować ją dokładniej.
W tym celu wyeksportowałem log do pliku CSV i wraz z odrobiną wyrażeń regularnych i PHP wystrugałem kawałek kodu (mogę udostępnić zainteresowanym), który pozwolił mi wyciągnąć dwie podstawowe kategorie informacji:
- jakie loginy były wykorzystywane w próbach zalogowania i jak kształtowało się ich wykorzystanie,
- z jakich adresów IP następowały próby wejścia i ile było prób z danego adresu.
Poniżej możecie rozwinąć poszczególne sekcje, aby przejrzeć tabelki z wynikami analizy.
Analiza loginów
Podsumowanie:
Liczba przetworzonych loginów wynosiła 14208 z czego unikalnych było 251
Liczba przetworzonych loginów wynosiła 14208 z czego unikalnych było 251
| Lp | Login | Liczba wystąpień |
| 1 | root | 10934 |
| 2 | admin | 1137 |
| 3 | ubnt | 110 |
| 4 | user | 103 |
| 5 | support | 90 |
| 6 | pi | 79 |
| 7 | git | 69 |
| 8 | ftp | 64 |
| 9 | mysql | 60 |
| 10 | default | 59 |
| 11 | monitor | 58 |
| 12 | 0 | 57 |
| 13 | usuario | 55 |
| 14 | test | 51 |
| 15 | ftpuser | 44 |
| 16 | oracle | 41 |
| 17 | user1 | 41 |
| 18 | guest | 40 |
| 19 | sysadmin | 36 |
| 20 | operator | 35 |
| 21 | 1234 | 30 |
| 22 | 1111 | 29 |
| 23 | osmc | 29 |
| 24 | telecomadmin | 29 |
| 25 | service | 29 |
| 26 | 0000 | 29 |
| 27 | dbadmin | 28 |
| 28 | 010101 | 28 |
| 29 | gpadmin | 28 |
| 30 | telnet | 28 |
| 31 | api | 28 |
| 32 | ubuntu | 22 |
| 33 | postgres | 20 |
| 34 | deploy | 16 |
| 35 | nagios | 15 |
| 36 | server | 15 |
| 37 | zabbix | 10 |
| 38 | jboss | 10 |
| 39 | hadoop | 9 |
| 40 | share | 9 |
| 41 | info | 9 |
| 42 | steam | 9 |
| 43 | ftptest | 9 |
| 44 | mother | 8 |
| 45 | vnc | 8 |
| 46 | guest_cm | 8 |
| 47 | bot | 8 |
| 48 | vbox | 8 |
| 49 | webuser | 7 |
| 50 | sinusbot | 7 |
| 51 | manager | 7 |
| 52 | demo | 7 |
| 53 | slview | 7 |
| 54 | dev | 7 |
| 55 | helen | 6 |
| 56 | mysql2 | 6 |
| 57 | www | 6 |
| 58 | common | 6 |
| 59 | master | 6 |
| 60 | mongodb2 | 6 |
| 61 | vpn | 6 |
| 62 | test1 | 6 |
| 63 | cpanel | 6 |
| 64 | sshusr | 5 |
| 65 | teamspeak | 5 |
| 66 | ts3 | 5 |
| 67 | boot | 5 |
| 68 | pgadmin | 5 |
| 69 | ts3bot | 5 |
| 70 | ts3server | 5 |
| 71 | eversec | 5 |
| 72 | cvsadmin | 5 |
| 73 | odoo | 5 |
| 74 | super | 5 |
| 75 | apache | 5 |
| 76 | mysql1 | 5 |
| 77 | butter | 5 |
| 78 | gituser | 5 |
| 79 | bin | 4 |
| 80 | csserver | 4 |
| 81 | dspace | 4 |
| 82 | mongodb | 4 |
| 83 | cacti | 4 |
| 84 | grid | 4 |
| 85 | arkserver | 4 |
| 86 | patrol | 4 |
| 87 | max | 4 |
| 88 | redis | 4 |
| 89 | zxin10 | 4 |
| 90 | jenkins | 4 |
| 91 | jake | 3 |
| 92 | manuel | 3 |
| 93 | alfresco | 3 |
| 94 | william | 3 |
| 95 | solr | 3 |
| 96 | db2fenc2 | 3 |
| 97 | aurumarma | 3 |
| 98 | steven | 3 |
| 99 | images | 3 |
| 100 | vincent | 3 |
| 101 | administrator | 3 |
| 102 | chandru | 3 |
| 103 | markus | 3 |
| 104 | rabbitmq | 3 |
| 105 | tomcat | 3 |
| 106 | redmine | 3 |
| 107 | ved | 3 |
| 108 | plex | 3 |
| 109 | its | 3 |
| 110 | download | 3 |
| 111 | teste | 3 |
| 112 | import | 3 |
| 113 | webmaster | 3 |
| 114 | debian | 3 |
| 115 | system | 3 |
| 116 | bitrix | 3 |
| 117 | scanner | 3 |
| 118 | erp | 3 |
| 119 | es | 3 |
| 120 | a | 3 |
| 121 | deployer | 3 |
| 122 | ghost | 3 |
| 123 | ppldtepe | 3 |
| 124 | devuser | 3 |
| 125 | muzikbot | 3 |
| 126 | www-data | 3 |
| 127 | arma3server | 3 |
| 128 | botmaster | 3 |
| 129 | confluence | 3 |
| 130 | weblogic | 3 |
| 131 | minecraft | 3 |
| 132 | mc | 3 |
| 133 | admln | 3 |
| 134 | csgoserver | 3 |
| 135 | csgo | 3 |
| 136 | mqm | 3 |
| 137 | sprummlbot | 3 |
| 138 | sdtdserver | 3 |
| 139 | teamspeak3 | 3 |
| 140 | musicbot | 3 |
| 141 | bitnami | 2 |
| 142 | alirio | 2 |
| 143 | centos | 2 |
| 144 | everdata | 2 |
| 145 | db2inst2 | 2 |
| 146 | db2inst1 | 2 |
| 147 | db2das1 | 2 |
| 148 | dasusr1 | 2 |
| 149 | dasusr | 2 |
| 150 | cron | 2 |
| 151 | client | 2 |
| 152 | passport | 2 |
| 153 | PlcmSpIp | 2 |
| 154 | gerrit2 | 2 |
| 155 | db2inst3 | 2 |
| 156 | yang | 2 |
| 157 | backup | 2 |
| 158 | john | 2 |
| 159 | app | 2 |
| 160 | testuser | 2 |
| 161 | agent | 2 |
| 162 | 22 | 2 |
| 163 | andrew | 2 |
| 164 | vikas | 2 |
| 165 | dinesh | 2 |
| 166 | sanjay | 2 |
| 167 | vagrant | 2 |
| 168 | vlado | 2 |
| 169 | pentaho | 2 |
| 170 | rajesh | 2 |
| 171 | rohit | 2 |
| 172 | team3 | 2 |
| 173 | team4 | 2 |
| 174 | temp | 2 |
| 175 | rancid | 2 |
| 176 | pelx | 2 |
| 177 | starbound | 2 |
| 178 | nobody | 2 |
| 179 | monit | 2 |
| 180 | uucp | 2 |
| 181 | user2 | 2 |
| 182 | yarn | 2 |
| 183 | mahendra | 2 |
| 184 | soc | 2 |
| 185 | sk | 2 |
| 186 | steve | 2 |
| 187 | sumit | 2 |
| 188 | samp | 2 |
| 189 | team2 | 2 |
| 190 | vinay | 2 |
| 191 | jira | 2 |
| 192 | lab | 2 |
| 193 | karaz | 2 |
| 194 | gmodserver | 2 |
| 195 | deluge | 2 |
| 196 | invoices | 2 |
| 197 | team1 | 2 |
| 198 | bis | 1 |
| 199 | hdfs | 1 |
| 200 | mq | 1 |
| 201 | siva | 1 |
| 202 | games | 1 |
| 203 | lea | 1 |
| 204 | sdnmuser | 1 |
| 205 | menu | 1 |
| 206 | informix | 1 |
| 207 | congxing | 1 |
| 208 | luan | 1 |
| 209 | pgsql | 1 |
| 210 | zhouli | 1 |
| 211 | user3 | 1 |
| 212 | dennis | 1 |
| 213 | rsync | 1 |
| 214 | wordpress | 1 |
| 215 | fluffy | 1 |
| 216 | ftpadmin | 1 |
| 217 | at | 1 |
| 218 | neeraj | 1 |
| 219 | nginx | 1 |
| 220 | nexus | 1 |
| 221 | gaurav | 1 |
| 222 | jinshitong | 1 |
| 223 | mike | 1 |
| 224 | rstudio | 1 |
| 225 | rahul | 1 |
| 226 | iptv | 1 |
| 227 | libsuser | 1 |
| 228 | kamal | 1 |
| 229 | isms | 1 |
| 230 | username | 1 |
| 231 | lp | 1 |
| 232 | adm | 1 |
| 233 | helpdesk | 1 |
| 234 | plcmspip | 1 |
| 235 | vyatta | 1 |
| 236 | tom | 1 |
| 237 | kafka | 1 |
| 238 | ansible | 1 |
| 239 | IDC.bak | 1 |
| 240 | azureuser | 1 |
| 241 | sftp | 1 |
| 242 | raspberry | 1 |
| 243 | spark | 1 |
| 244 | gmst | 1 |
| 245 | virtual_user | 1 |
| 246 | huawei007SH | 1 |
| 247 | nan | 1 |
| 248 | vivek | 1 |
| 249 | ankit | 1 |
| 250 | applmgr | 1 |
| 251 | ircd | 1 |
Analiza adresów IP
Podsumowanie:
Liczba przetworzonych adresów wynosiła 14243 z czego unikalnych było 319
Liczba przetworzonych adresów wynosiła 14243 z czego unikalnych było 319
| Lp | Adres IP | Liczba wystąpień |
| 1 | 61.177.172.69 | 4789 |
| 2 | 218.65.30.134 | 1425 |
| 3 | 91.197.232.107 | 1260 |
| 4 | 218.65.30.61 | 1198 |
| 5 | 61.177.172.34 | 1140 |
| 6 | 91.197.232.109 | 700 |
| 7 | 121.194.2.247 | 465 |
| 8 | 220.227.71.226 | 368 |
| 9 | 60.216.75.138 | 192 |
| 10 | 91.236.116.77 | 177 |
| 11 | 61.177.172.56 | 133 |
| 12 | 162.243.129.106 | 118 |
| 13 | 193.105.134.184 | 106 |
| 14 | 107.179.244.200 | 71 |
| 15 | 122.156.234.148 | 63 |
| 16 | 201.178.134.193 | 36 |
| 17 | 181.27.161.194 | 36 |
| 18 | 181.211.92.57 | 36 |
| 19 | 201.178.221.64 | 36 |
| 20 | 180.128.21.46 | 30 |
| 21 | 201.176.12.99 | 30 |
| 22 | 118.200.92.193 | 30 |
| 23 | 152.204.35.248 | 30 |
| 24 | 218.66.169.68 | 30 |
| 25 | 201.177.25.185 | 30 |
| 26 | 186.129.224.242 | 30 |
| 27 | 83.19.250.218 | 28 |
| 28 | 202.85.212.231 | 24 |
| 29 | 201.176.4.212 | 24 |
| 30 | 186.135.35.136 | 24 |
| 31 | 118.213.118.2 | 24 |
| 32 | 5.37.215.58 | 18 |
| 33 | 59.63.166.80 | 18 |
| 34 | 201.179.12.36 | 18 |
| 35 | 182.58.247.60 | 18 |
| 36 | 181.21.152.95 | 18 |
| 37 | 82.166.214.80 | 12 |
| 38 | 111.40.166.130 | 12 |
| 39 | 115.95.160.87 | 12 |
| 40 | 59.45.142.199 | 12 |
| 41 | 113.122.62.40 | 12 |
| 42 | 37.193.152.58 | 12 |
| 43 | 106.36.45.43 | 12 |
| 44 | 58.19.145.54 | 12 |
| 45 | 5.141.130.12 | 12 |
| 46 | 183.94.193.67 | 12 |
| 47 | 201.176.30.190 | 12 |
| 48 | 111.11.27.140 | 12 |
| 49 | 185.113.184.48 | 10 |
| 50 | 122.189.199.244 | 10 |
| 51 | 201.177.17.158 | 6 |
| 52 | 210.94.133.51 | 6 |
| 53 | 84.2.30.81 | 6 |
| 54 | 190.184.182.51 | 6 |
| 55 | 201.178.44.195 | 6 |
| 56 | 180.119.60.254 | 6 |
| 57 | 85.150.101.113 | 6 |
| 58 | 188.19.193.203 | 6 |
| 59 | 95.68.208.238 | 6 |
| 60 | 81.89.78.64 | 6 |
| 61 | 181.23.159.39 | 6 |
| 62 | 104.235.185.145 | 6 |
| 63 | 78.131.70.47 | 6 |
| 64 | 183.151.106.72 | 6 |
| 65 | 119.193.140.184 | 6 |
| 66 | 94.50.244.193 | 6 |
| 67 | 183.94.62.247 | 6 |
| 68 | 106.57.51.60 | 6 |
| 69 | 122.231.6.135 | 6 |
| 70 | 159.226.231.12 | 6 |
| 71 | 175.143.13.137 | 6 |
| 72 | 85.110.93.160 | 6 |
| 73 | 176.209.202.170 | 6 |
| 74 | 27.32.136.203 | 6 |
| 75 | 122.162.146.82 | 6 |
| 76 | 85.154.49.85 | 6 |
| 77 | 42.85.201.171 | 6 |
| 78 | 122.189.195.132 | 6 |
| 79 | 190.138.79.131 | 6 |
| 80 | 185.11.48.214 | 6 |
| 81 | 218.108.164.238 | 6 |
| 82 | 111.121.192.6 | 6 |
| 83 | 84.217.24.133 | 6 |
| 84 | 201.177.152.159 | 6 |
| 85 | 114.39.72.234 | 6 |
| 86 | 78.84.221.28 | 6 |
| 87 | 95.190.253.224 | 6 |
| 88 | 186.57.56.14 | 6 |
| 89 | 181.113.72.15 | 6 |
| 90 | 113.243.115.219 | 6 |
| 91 | 79.165.246.184 | 6 |
| 92 | 183.151.58.38 | 6 |
| 93 | 182.37.9.212 | 6 |
| 94 | 101.37.80.173 | 6 |
| 95 | 200.215.10.154 | 6 |
| 96 | 70.48.21.29 | 6 |
| 97 | 180.173.140.96 | 6 |
| 98 | 89.151.156.79 | 6 |
| 99 | 137.59.16.194 | 6 |
| 100 | 36.234.206.173 | 6 |
| 101 | 88.149.234.50 | 6 |
| 102 | 190.214.226.199 | 6 |
| 103 | 106.57.51.251 | 6 |
| 104 | 122.189.246.70 | 6 |
| 105 | 116.54.193.187 | 6 |
| 106 | 95.24.35.9 | 6 |
| 107 | 113.240.129.120 | 6 |
| 108 | 223.71.142.6 | 6 |
| 109 | 218.60.136.106 | 6 |
| 110 | 64.211.24.227 | 6 |
| 111 | 123.168.101.173 | 6 |
| 112 | 58.153.9.111 | 6 |
| 113 | 120.87.32.236 | 6 |
| 114 | 91.97.167.18 | 6 |
| 115 | 190.178.118.116 | 6 |
| 116 | 31.23.208.58 | 6 |
| 117 | 187.145.234.234 | 6 |
| 118 | 116.7.216.17 | 6 |
| 119 | 181.113.212.1 | 6 |
| 120 | 86.97.171.238 | 6 |
| 121 | 201.179.238.246 | 6 |
| 122 | 181.211.124.34 | 6 |
| 123 | 131.255.135.212 | 6 |
| 124 | 183.93.254.94 | 6 |
| 125 | 185.129.229.237 | 6 |
| 126 | 194.50.144.206 | 6 |
| 127 | 200.7.58.53 | 6 |
| 128 | 182.69.154.171 | 6 |
| 129 | 219.217.90.224 | 6 |
| 130 | 153.34.178.176 | 6 |
| 131 | 201.179.10.93 | 6 |
| 132 | 113.122.41.161 | 6 |
| 133 | 43.240.117.232 | 6 |
| 134 | 190.50.243.228 | 6 |
| 135 | 81.235.175.41 | 6 |
| 136 | 45.247.131.132 | 6 |
| 137 | 61.160.196.107 | 6 |
| 138 | 190.214.173.190 | 6 |
| 139 | 186.178.191.20 | 6 |
| 140 | 211.98.64.176 | 6 |
| 141 | 183.151.60.183 | 6 |
| 142 | 66.108.114.107 | 6 |
| 143 | 181.211.137.37 | 6 |
| 144 | 171.212.142.142 | 6 |
| 145 | 213.216.48.2 | 6 |
| 146 | 116.252.34.161 | 6 |
| 147 | 181.208.243.142 | 6 |
| 148 | 182.70.66.86 | 6 |
| 149 | 122.162.121.250 | 6 |
| 150 | 114.241.27.4 | 6 |
| 151 | 113.204.73.190 | 6 |
| 152 | 117.240.14.98 | 6 |
| 153 | 59.127.249.30 | 6 |
| 154 | 182.69.243.163 | 6 |
| 155 | 218.2.197.240 | 6 |
| 156 | 126.66.4.184 | 6 |
| 157 | 49.64.243.73 | 6 |
| 158 | 122.161.32.184 | 6 |
| 159 | 112.99.172.146 | 6 |
| 160 | 186.39.14.213 | 6 |
| 161 | 58.186.217.6 | 6 |
| 162 | 221.204.48.155 | 6 |
| 163 | 31.181.182.243 | 6 |
| 164 | 116.249.170.67 | 6 |
| 165 | 92.252.147.26 | 6 |
| 166 | 181.20.246.99 | 6 |
| 167 | 61.51.192.243 | 6 |
| 168 | 185.110.72.123 | 6 |
| 169 | 181.26.8.247 | 6 |
| 170 | 110.19.71.168 | 6 |
| 171 | 122.189.197.252 | 6 |
| 172 | 190.96.131.247 | 6 |
| 173 | 190.239.163.250 | 6 |
| 174 | 42.58.58.133 | 6 |
| 175 | 14.202.146.131 | 6 |
| 176 | 219.152.30.191 | 6 |
| 177 | 31.162.46.58 | 6 |
| 178 | 116.3.103.18 | 6 |
| 179 | 181.196.142.154 | 6 |
| 180 | 121.143.236.90 | 6 |
| 181 | 109.169.228.202 | 6 |
| 182 | 111.100.178.78 | 6 |
| 183 | 95.81.225.6 | 6 |
| 184 | 178.141.31.113 | 6 |
| 185 | 132.147.92.131 | 6 |
| 186 | 36.24.243.32 | 6 |
| 187 | 183.93.92.25 | 6 |
| 188 | 122.189.194.181 | 6 |
| 189 | 94.78.201.137 | 6 |
| 190 | 36.149.196.230 | 6 |
| 191 | 177.188.136.226 | 6 |
| 192 | 117.199.25.19 | 6 |
| 193 | 91.180.70.67 | 6 |
| 194 | 62.219.123.30 | 6 |
| 195 | 201.250.34.50 | 6 |
| 196 | 170.84.91.46 | 6 |
| 197 | 58.11.90.161 | 6 |
| 198 | 122.189.199.117 | 6 |
| 199 | 123.96.51.136 | 6 |
| 200 | 187.22.111.179 | 6 |
| 201 | 46.35.247.159 | 6 |
| 202 | 31.215.223.87 | 6 |
| 203 | 151.235.194.77 | 6 |
| 204 | 115.194.170.123 | 6 |
| 205 | 119.193.140.206 | 6 |
| 206 | 49.117.176.76 | 6 |
| 207 | 27.30.133.248 | 6 |
| 208 | 181.25.22.187 | 6 |
| 209 | 90.3.185.165 | 6 |
| 210 | 190.237.84.156 | 6 |
| 211 | 218.235.13.197 | 6 |
| 212 | 71.67.251.182 | 6 |
| 213 | 139.201.165.201 | 6 |
| 214 | 190.48.43.111 | 6 |
| 215 | 43.240.117.236 | 6 |
| 216 | 58.48.178.200 | 6 |
| 217 | 170.254.68.4 | 6 |
| 218 | 122.242.28.174 | 6 |
| 219 | 95.84.40.52 | 6 |
| 220 | 190.214.230.188 | 6 |
| 221 | 59.120.6.100 | 6 |
| 222 | 122.190.148.219 | 6 |
| 223 | 119.193.140.155 | 6 |
| 224 | 37.21.218.240 | 6 |
| 225 | 186.129.223.121 | 6 |
| 226 | 188.19.159.80 | 6 |
| 227 | 218.109.166.225 | 6 |
| 228 | 190.49.235.164 | 6 |
| 229 | 222.220.84.109 | 6 |
| 230 | 68.64.221.5 | 6 |
| 231 | 58.56.40.12 | 6 |
| 232 | 27.251.145.197 | 6 |
| 233 | 31.162.166.39 | 6 |
| 234 | 125.122.102.7 | 6 |
| 235 | 153.0.171.16 | 6 |
| 236 | 201.178.150.239 | 6 |
| 237 | 5.141.45.221 | 6 |
| 238 | 200.75.107.195 | 6 |
| 239 | 173.195.199.166 | 6 |
| 240 | 186.178.25.89 | 6 |
| 241 | 31.163.38.164 | 6 |
| 242 | 81.214.63.82 | 6 |
| 243 | 217.9.94.245 | 6 |
| 244 | 113.122.172.197 | 6 |
| 245 | 179.40.133.245 | 6 |
| 246 | 27.209.148.233 | 6 |
| 247 | 222.134.238.39 | 6 |
| 248 | 162.72.21.113 | 6 |
| 249 | 79.126.29.199 | 6 |
| 250 | 111.0.151.6 | 6 |
| 251 | 192.168.1.12 | 5 |
| 252 | 2.181.69.127 | 4 |
| 253 | 24.17.168.140 | 3 |
| 254 | 190.208.22.219 | 3 |
| 255 | 125.227.147.112 | 3 |
| 256 | 34.227.29.243 | 3 |
| 257 | 124.18.61.131 | 2 |
| 258 | 74.208.158.11 | 2 |
| 259 | 190.215.97.65 | 2 |
| 260 | 221.193.241.36 | 2 |
| 261 | 85.28.108.95 | 2 |
| 262 | 139.217.14.205 | 2 |
| 263 | 66.113.15.230 | 2 |
| 264 | 216.218.222.13 | 2 |
| 265 | 58.137.28.17 | 2 |
| 266 | 46.109.149.96 | 2 |
| 267 | 2.24.130.177 | 2 |
| 268 | 118.163.127.250 | 2 |
| 269 | 69.249.103.229 | 2 |
| 270 | 77.190.6.115 | 2 |
| 271 | 141.226.145.221 | 2 |
| 272 | 178.217.187.39 | 2 |
| 273 | 92.142.174.243 | 2 |
| 274 | 91.224.217.137 | 2 |
| 275 | 47.154.225.94 | 2 |
| 276 | 178.42.38.241 | 2 |
| 277 | 162.157.248.168 | 2 |
| 278 | 136.26.59.43 | 2 |
| 279 | 94.254.146.172 | 1 |
| 280 | 62.210.115.87 | 1 |
| 281 | 109.163.234.9 | 1 |
| 282 | 14.162.132.197 | 1 |
| 283 | 77.247.181.165 | 1 |
| 284 | 18.85.22.204 | 1 |
| 285 | 104.238.169.124 | 1 |
| 286 | 14.177.135.184 | 1 |
| 287 | 181.143.213.130 | 1 |
| 288 | 109.226.102.211 | 1 |
| 289 | 213.80.110.186 | 1 |
| 290 | 41.42.162.64 | 1 |
| 291 | 94.23.173.249 | 1 |
| 292 | 188.78.82.109 | 1 |
| 293 | 164.132.51.91 | 1 |
| 294 | 73.231.9.141 | 1 |
| 295 | 180.114.94.104 | 1 |
| 296 | 89.144.12.15 | 1 |
| 297 | 173.254.216.66 | 1 |
| 298 | 65.19.167.130 | 1 |
| 299 | 176.126.252.12 | 1 |
| 300 | 74.218.125.66 | 1 |
| 301 | 14.177.176.241 | 1 |
| 302 | 14.177.230.159 | 1 |
| 303 | 27.145.231.25 | 1 |
| 304 | 14.176.81.76 | 1 |
| 305 | 85.248.227.164 | 1 |
| 306 | 91.211.1.10 | 1 |
| 307 | 78.134.51.205 | 1 |
| 308 | 65.19.167.131 | 1 |
| 309 | 213.209.248.54 | 1 |
| 310 | 68.197.90.93 | 1 |
| 311 | 37.204.70.26 | 1 |
| 312 | 41.41.135.38 | 1 |
| 313 | 14.187.52.103 | 1 |
| 314 | 171.229.173.3 | 1 |
| 315 | 197.45.161.150 | 1 |
| 316 | 46.214.14.172 | 1 |
| 317 | 41.42.29.34 | 1 |
| 318 | 138.36.214.201 | 1 |
| 319 | 207.244.70.35 | 1 |
Pochodzenie poszczególnych adresów możecie sprawdzić np. na stronie https://www.infobyip.com
Polecam sprawdzić kilka pierwszych...
Celem niniejszego wpisu nie było pokazanie w jaki sposób zabezpieczyć router, czy też połączenia SSH (np. blokada IP po nieudanych próbach, czy zastosowanie kluczy), ale ukazanie jak SSH, na który wielu użytkowników nie zwraca uwagi, może być niebezpieczny.
Myślę, że na podstawie mojego przypadku wyciągniecie odpowiednie wnioski i sprawdzicie, czy u Was SSH nie jest niepotrzebnie włączony.
Myślę, że na podstawie mojego przypadku wyciągniecie odpowiednie wnioski i sprawdzicie, czy u Was SSH nie jest niepotrzebnie włączony.
Polecam przetestować takie regułki:
OdpowiedzUsuńhttps://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html#comment-19302
Plus dodatkowe pytanko do wyszukiwarki
ilość czy liczba
Dzięki za linka :)
UsuńIlość, liczba... nigdy się nad tym nie zastanawiałem. Już poprawiłem. Dzięki za zwrócenie uwagi :)
Bardzo dobry wpis! Aż sprawdziłem u siebie, ale na szczęście telnet/ssh i wszystko ze strony WAN wyłączone.
OdpowiedzUsuńDzięki :)
Usuń"Aż sprawdziłem u siebie, ale na szczęście telnet/ssh i wszystko ze strony WAN wyłączone." - no i tak powinno być :)