[Wien] should I be worried???

L. Aaron Kaplan (spam-protected)
Sun May 9 22:06:03 CEST 2010


So the ssh connection attempts are clear:

ultrastabil:~ aaron$ whois 200.30.189.102

OrgName:    Latin American and Caribbean IP address Regional Registry
OrgID:      LACNIC
Address:    Rambla Republica de Mexico 6125
City:       Montevideo
StateProv:
PostalCode: 11400
Country:    UY


---> welcome to the unfiltered Internet :)
What you can do to protect yourself against ssh attacks is described here:


http://wiki.funkfeuer.at/index.php/Port_Scans

(we already discussed this once on the wien@ list, but the topic is relevant every day :) my server gets around 200 ssh connection attempts per day)


On May 9, 2010, at 10:58 PM, Felix Ehritz wrote:

> My log!
> The log from my node hp4 78.41.112.81
> Chris called me to ask whether I was logging in to his router… of course not.
> panelost.gri97.wien.funkfeuer.a
>  
>  
> May  9 21:33:33 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 28654 from 193.238.159.6 on eth0 (1424 Bytes)
> May  9 21:33:47 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 28718 from 193.238.159.6 on eth0 (628 Bytes)
> May  9 21:35:02 v10 daemon.info dnsmasq[1117]: read /etc/hosts - 1 addresses
> May  9 21:35:14 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29107 from 193.238.159.6 on eth0 (1464 Bytes)
> May  9 21:35:34 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29199 from 193.238.159.6 on eth0 (1432 Bytes)
> May  9 21:35:43 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29237 from 193.238.159.6 on eth0 (1460 Bytes)
> May  9 21:35:52 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29282 from 193.238.159.6 on eth0 (1312 Bytes)
> May  9 21:36:02 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29327 from 193.238.159.6 on eth0 (1428 Bytes)
> May  9 21:36:45 v10 authpriv.info dropbear[14162]: Child connection from 200.30.189.102:38011
> May  9 21:36:45 v10 authpriv.info dropbear[14163]: Child connection from 200.30.189.102:38012
> May  9 21:36:46 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29533 from 193.238.159.6 on eth0 (1444 Bytes)
> May  9 21:36:48 v10 authpriv.warn dropbear[14162]: login attempt for nonexistent user from 200.30.189.102:38011
> May  9 21:36:48 v10 authpriv.warn dropbear[14163]: login attempt for nonexistent user from 200.30.189.102:38012
> May  9 21:36:49 v10 authpriv.info dropbear[14162]: exit before auth: Disconnect received
> May  9 21:36:49 v10 authpriv.info dropbear[14163]: exit before auth: Disconnect received
> May  9 21:36:49 v10 authpriv.info dropbear[14164]: Child connection from 200.30.189.102:38170
> May  9 21:36:49 v10 authpriv.info dropbear[14165]: Child connection from 200.30.189.102:38177
> May  9 21:36:53 v10 authpriv.warn dropbear[14165]: login attempt for nonexistent user from 200.30.189.102:38177
> May  9 21:36:53 v10 authpriv.warn dropbear[14164]: login attempt for nonexistent user from 200.30.189.102:38170
> May  9 21:36:53 v10 authpriv.info dropbear[14165]: exit before auth: Disconnect received
> May  9 21:36:53 v10 authpriv.info dropbear[14164]: exit before auth: Disconnect received
> May  9 21:36:54 v10 authpriv.info dropbear[14166]: Child connection from 200.30.189.102:47130
> May  9 21:36:56 v10 authpriv.warn dropbear[14166]: login attempt for nonexistent user from 200.30.189.102:47130
> May  9 21:36:57 v10 authpriv.info dropbear[14167]: Child connection from 200.30.189.102:47107
> May  9 21:36:57 v10 authpriv.info dropbear[14166]: exit before auth: Disconnect received
> May  9 21:36:57 v10 authpriv.info dropbear[14168]: Child connection from 200.30.189.102:49842
> May  9 21:37:00 v10 authpriv.warn dropbear[14167]: login attempt for nonexistent user from 200.30.189.102:47107
> May  9 21:37:00 v10 authpriv.warn dropbear[14168]: login attempt for nonexistent user from 200.30.189.102:49842
> May  9 21:37:01 v10 authpriv.info dropbear[14167]: exit before auth: Disconnect received
> May  9 21:37:01 v10 authpriv.info dropbear[14169]: Child connection from 200.30.189.102:51014
> May  9 21:37:01 v10 authpriv.info dropbear[14168]: exit before auth: Disconnect received
> May  9 21:37:01 v10 authpriv.info dropbear[14170]: Child connection from 200.30.189.102:51019
> May  9 21:37:01 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29604 from 193.238.159.6 on eth0 (1420 Bytes)
> May  9 21:37:05 v10 authpriv.warn dropbear[14169]: login attempt for nonexistent user from 200.30.189.102:51014
> May  9 21:37:06 v10 authpriv.warn dropbear[14170]: login attempt for nonexistent user from 200.30.189.102:51019
> May  9 21:37:06 v10 authpriv.info dropbear[14169]: exit before auth: Disconnect received
> May  9 21:37:06 v10 authpriv.info dropbear[14170]: exit before auth: Disconnect received
> May  9 21:37:06 v10 authpriv.info dropbear[14175]: Child connection from 200.30.189.102:55083
> May  9 21:37:06 v10 authpriv.info dropbear[14176]: Child connection from 200.30.189.102:55091
> May  9 21:37:10 v10 authpriv.warn dropbear[14175]: login attempt for nonexistent user from 200.30.189.102:55083
> May  9 21:37:10 v10 authpriv.warn dropbear[14176]: login attempt for nonexistent user from 200.30.189.102:55091
> May  9 21:37:10 v10 authpriv.info dropbear[14175]: exit before auth: Disconnect received
> May  9 21:37:11 v10 authpriv.info dropbear[14176]: exit before auth: Disconnect received
> May  9 21:37:11 v10 authpriv.info dropbear[14177]: Child connection from 200.30.189.102:58579
> May  9 21:37:11 v10 authpriv.info dropbear[14178]: Child connection from 200.30.189.102:58581
> May  9 21:37:17 v10 authpriv.warn dropbear[14177]: login attempt for nonexistent user from 200.30.189.102:58579
> May  9 21:37:17 v10 authpriv.warn dropbear[14178]: login attempt for nonexistent user from 200.30.189.102:58581
> May  9 21:37:17 v10 authpriv.info dropbear[14177]: exit before auth: Disconnect received
> May  9 21:37:17 v10 authpriv.info dropbear[14178]: exit before auth: Disconnect received
> May  9 21:37:18 v10 authpriv.info dropbear[14179]: Child connection from 200.30.189.102:35027
> May  9 21:37:18 v10 authpriv.info dropbear[14180]: Child connection from 200.30.189.102:35028
> May  9 21:37:21 v10 authpriv.warn dropbear[14179]: login attempt for nonexistent user from 200.30.189.102:35027
> May  9 21:37:21 v10 authpriv.warn dropbear[14180]: login attempt for nonexistent user from 200.30.189.102:35028
> May  9 21:37:22 v10 authpriv.info dropbear[14179]: exit before auth: Disconnect received
> May  9 21:37:22 v10 authpriv.info dropbear[14180]: exit before auth: Disconnect received
> May  9 21:37:22 v10 authpriv.info dropbear[14181]: Child connection from 200.30.189.102:38521
> May  9 21:37:22 v10 authpriv.info dropbear[14182]: Child connection from 200.30.189.102:38524
> May  9 21:37:26 v10 authpriv.warn dropbear[14181]: login attempt for nonexistent user from 200.30.189.102:38521
> May  9 21:37:26 v10 authpriv.warn dropbear[14182]: login attempt for nonexistent user from 200.30.189.102:38524
> May  9 21:37:27 v10 authpriv.info dropbear[14181]: exit before auth: Disconnect received
> May  9 21:37:27 v10 authpriv.info dropbear[14182]: exit before auth: Disconnect received
> May  9 21:37:27 v10 authpriv.info dropbear[14183]: Child connection from 200.30.189.102:42316
> May  9 21:37:27 v10 authpriv.info dropbear[14184]: Child connection from 200.30.189.102:42321
> May  9 21:37:30 v10 authpriv.warn dropbear[14184]: login attempt for nonexistent user from 200.30.189.102:42321
> May  9 21:37:30 v10 authpriv.warn dropbear[14183]: login attempt for nonexistent user from 200.30.189.102:42316
> May  9 21:37:31 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29740 from 193.238.159.6 on eth0 (1444 Bytes)
> May  9 21:37:31 v10 authpriv.info dropbear[14184]: exit before auth: Disconnect received
> May  9 21:37:31 v10 authpriv.info dropbear[14183]: exit before auth: Disconnect received
> May  9 21:37:31 v10 authpriv.info dropbear[14185]: Child connection from 200.30.189.102:45430
> May  9 21:37:31 v10 authpriv.info dropbear[14186]: Child connection from 200.30.189.102:45444
> May  9 21:37:35 v10 authpriv.warn dropbear[14185]: login attempt for nonexistent user from 200.30.189.102:45430
> May  9 21:37:35 v10 authpriv.warn dropbear[14186]: login attempt for nonexistent user from 200.30.189.102:45444
> May  9 21:37:36 v10 authpriv.info dropbear[14186]: exit before auth: Disconnect received
> May  9 21:37:36 v10 authpriv.info dropbear[14185]: exit before auth: Disconnect received
> May  9 21:37:36 v10 authpriv.info dropbear[14187]: Child connection from 200.30.189.102:48776
> May  9 21:37:36 v10 authpriv.info dropbear[14188]: Child connection from 200.30.189.102:48777
> May  9 21:37:39 v10 authpriv.warn dropbear[14188]: login attempt for nonexistent user from 200.30.189.102:48777
> May  9 21:37:39 v10 authpriv.warn dropbear[14187]: login attempt for nonexistent user from 200.30.189.102:48776
> May  9 21:37:40 v10 authpriv.info dropbear[14188]: exit before auth: Disconnect received
> May  9 21:37:40 v10 authpriv.info dropbear[14187]: exit before auth: Disconnect received
> May  9 21:37:40 v10 authpriv.info dropbear[14189]: Child connection from 200.30.189.102:51996
> May  9 21:37:40 v10 authpriv.info dropbear[14190]: Child connection from 200.30.189.102:51998
> May  9 21:37:44 v10 authpriv.warn dropbear[14189]: login attempt for nonexistent user from 200.30.189.102:51996
> May  9 21:37:44 v10 authpriv.warn dropbear[14190]: login attempt for nonexistent user from 200.30.189.102:51998
> May  9 21:37:44 v10 authpriv.info dropbear[14189]: exit before auth: Disconnect received
> May  9 21:37:44 v10 authpriv.info dropbear[14190]: exit before auth: Disconnect received
> May  9 21:37:45 v10 authpriv.info dropbear[14191]: Child connection from 200.30.189.102:55387
> May  9 21:37:45 v10 authpriv.info dropbear[14192]: Child connection from 200.30.189.102:55402
> May  9 21:37:48 v10 authpriv.warn dropbear[14191]: login attempt for nonexistent user from 200.30.189.102:55387
> May  9 21:37:48 v10 authpriv.warn dropbear[14192]: login attempt for nonexistent user from 200.30.189.102:55402
> May  9 21:37:49 v10 authpriv.info dropbear[14191]: exit before auth: Disconnect received
> May  9 21:37:49 v10 authpriv.info dropbear[14192]: exit before auth: Disconnect received
> May  9 21:37:49 v10 authpriv.info dropbear[14193]: Child connection from 200.30.189.102:59241
> May  9 21:37:49 v10 authpriv.info dropbear[14194]: Child connection from 200.30.189.102:59248
> May  9 21:37:52 v10 authpriv.warn dropbear[14193]: login attempt for nonexistent user from 200.30.189.102:59241
> May  9 21:37:52 v10 authpriv.warn dropbear[14194]: login attempt for nonexistent user from 200.30.189.102:59248
> May  9 21:37:53 v10 authpriv.info dropbear[14194]: exit before auth: Disconnect received
> May  9 21:37:53 v10 authpriv.info dropbear[14193]: exit before auth: Disconnect received
> May  9 21:37:53 v10 authpriv.info dropbear[14195]: Child connection from 200.30.189.102:34263
> May  9 21:37:53 v10 authpriv.info dropbear[14196]: Child connection from 200.30.189.102:34264
> May  9 21:37:57 v10 authpriv.warn dropbear[14195]: login attempt for nonexistent user from 200.30.189.102:34263
> May  9 21:37:57 v10 authpriv.warn dropbear[14196]: login attempt for nonexistent user from 200.30.189.102:34264
> May  9 21:37:58 v10 authpriv.info dropbear[14195]: exit before auth: Disconnect received
> May  9 21:37:58 v10 authpriv.info dropbear[14196]: exit before auth: Disconnect received
> May  9 21:37:58 v10 authpriv.info dropbear[14197]: Child connection from 200.30.189.102:37230
> May  9 21:37:58 v10 authpriv.info dropbear[14198]: Child connection from 200.30.189.102:37260
> May  9 21:38:01 v10 authpriv.warn dropbear[14197]: login attempt for nonexistent user from 200.30.189.102:37230
> May  9 21:38:01 v10 authpriv.warn dropbear[14198]: login attempt for nonexistent user from 200.30.189.102:37260
> May  9 21:38:02 v10 authpriv.info dropbear[14197]: exit before auth: Disconnect received
> May  9 21:38:02 v10 authpriv.info dropbear[14198]: exit before auth: Disconnect received
> May  9 21:38:11 v10 authpriv.info dropbear[14203]: Child connection from 200.30.189.102:39737
> May  9 21:38:13 v10 authpriv.info dropbear[14203]: exit before auth: Exited normally
> May  9 21:38:35 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30036 from 193.238.159.6 on eth0 (1452 Bytes)
> May  9 21:38:35 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30039 from 193.238.159.6 on eth0 (1452 Bytes)
> May  9 21:38:39 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30059 from 193.238.159.6 on eth0 (1396 Bytes)
> May  9 21:39:25 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30270 from 193.238.159.6 on eth0 (1448 Bytes)
> May  9 21:39:43 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30355 from 193.238.159.6 on eth0 (1388 Bytes)
> May  9 21:39:47 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30376 from 193.238.159.6 on eth0 (1472 Bytes)
> May  9 21:39:53 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30400 from 193.238.159.6 on eth0 (1444 Bytes)
> May  9 21:40:01 v10 daemon.info dnsmasq[1117]: read /etc/hosts - 1 addresses
> May  9 21:40:24 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30540 from 193.238.159.6 on eth0 (1464 Bytes)
> May  9 21:40:33 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30580 from 193.238.159.6 on eth0 (988 Bytes)
> May  9 21:41:24 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30817 from 193.238.159.6 on eth0 (1400 Bytes)
> May  9 21:41:29 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30836 from 193.238.159.6 on eth0 (1460 Bytes)
> May  9 21:41:59 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 30978 from 193.238.159.6 on eth0 (1464 Bytes)
> May  9 21:42:12 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31036 from 193.238.159.6 on eth0 (1460 Bytes)
> May  9 21:42:30 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31121 from 193.238.159.6 on eth0 (1452 Bytes)
> May  9 21:42:36 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31145 from 193.238.159.6 on eth0 (1396 Bytes)
> May  9 21:43:15 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31301 from 193.238.159.6 on eth0 (1436 Bytes)
> May  9 21:43:28 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31360 from 193.238.159.6 on eth0 (1396 Bytes)
> May  9 21:43:58 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31499 from 193.238.159.6 on eth0 (1444 Bytes)
> May  9 21:45:01 v10 daemon.info dnsmasq[1117]: read /etc/hosts - 1 addresses
> May  9 21:45:38 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 31949 from 193.238.159.6 on eth0 (352 Bytes)
> May  9 21:45:52 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32013 from 193.238.159.6 on eth0 (1404 Bytes)
> May  9 21:46:08 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32083 from 193.238.159.6 on eth0 (1436 Bytes)
> May  9 21:46:21 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32145 from 193.238.159.6 on eth0 (1376 Bytes)
> May  9 21:46:27 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32174 from 193.238.159.6 on eth0 (1460 Bytes)
> May  9 21:48:43 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32802 from 193.238.159.6 on eth0 (1464 Bytes)
> May  9 21:48:54 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32855 from 193.238.159.6 on eth0 (1404 Bytes)
> May  9 21:49:05 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 32902 from 193.238.159.6 on eth0 (1472 Bytes)
> May  9 21:50:02 v10 daemon.info dnsmasq[1117]: read /etc/hosts - 1 addresses
> May  9 21:50:20 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33244 from 193.238.159.6 on eth0 (1472 Bytes)
> May  9 21:51:07 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33462 from 193.238.159.6 on eth0 (1392 Bytes)
> May  9 21:51:18 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33519 from 193.238.159.6 on eth0 (1380 Bytes)
> May  9 21:51:22 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33539 from 193.238.159.6 on eth0 (1044 Bytes)
> May  9 21:51:38 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33587 from 193.238.159.6 on eth0 (1472 Bytes)
> May  9 21:51:52 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33657 from 193.238.159.6 on eth0 (1452 Bytes)
> May  9 21:51:54 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33669 from 193.238.159.6 on eth0 (1448 Bytes)
> May  9 21:52:02 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33705 from 193.238.159.6 on eth0 (1348 Bytes)
> May  9 21:52:21 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33791 from 193.238.159.6 on eth0 (1428 Bytes)
> May  9 21:52:22 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 33798 from 193.238.159.6 on eth0 (1436 Bytes)
> --
> Wien mailing list
> (spam-protected)
> http://lists.funkfeuer.at/mailman/listinfo/wien
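A way to triage a log like the one quoted above, as an added example that is not part of the original mails: it counts dropbear pre-auth events per source address and maps the "exit before auth" lines, which carry no address, back to their source via the dropbear PID. The sample lines are an excerpt from the quoted log; the year (taken from the mail date), the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Excerpt from the syslog quoted in this thread (dropbear plus one olsrd line).
SAMPLE_LOG = """\
May  9 21:36:45 v10 authpriv.info dropbear[14162]: Child connection from 200.30.189.102:38011
May  9 21:36:45 v10 authpriv.info dropbear[14163]: Child connection from 200.30.189.102:38012
May  9 21:36:46 v10 daemon.info olsrd[1097]: detected duplicate packet with seqnr 29533 from 193.238.159.6 on eth0 (1444 Bytes)
May  9 21:36:48 v10 authpriv.warn dropbear[14162]: login attempt for nonexistent user from 200.30.189.102:38011
May  9 21:36:48 v10 authpriv.warn dropbear[14163]: login attempt for nonexistent user from 200.30.189.102:38012
May  9 21:36:49 v10 authpriv.info dropbear[14162]: exit before auth: Disconnect received
May  9 21:36:49 v10 authpriv.info dropbear[14163]: exit before auth: Disconnect received
May  9 21:38:11 v10 authpriv.info dropbear[14203]: Child connection from 200.30.189.102:39737
May  9 21:38:13 v10 authpriv.info dropbear[14203]: exit before auth: Exited normally
"""

LINE = re.compile(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ dropbear\[(\d+)\]: (.*)")
PEER = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3}):\d+")

def summarize(log_text, year=2010):
    """Per source IP: connection count, pre-auth exits, times of bad-user attempts."""
    pid_to_ip = {}  # dropbear child PID -> peer IP, learned from "Child connection"
    stats = defaultdict(lambda: {"connections": 0, "preauth_exit": 0, "bad_user_times": []})
    for raw in log_text.splitlines():
        m = LINE.search(raw)  # search() tolerates a leading "> " quote marker
        if not m:
            continue  # olsrd, dnsmasq and other daemons are not SSH events
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        peer = PEER.search(msg)
        if peer:
            pid_to_ip[pid] = peer.group(1)
        ip = pid_to_ip.get(pid)
        if ip is None:
            continue  # exit line whose connection line is missing from the excerpt
        if msg.startswith("Child connection from"):
            stats[ip]["connections"] += 1
        elif msg.startswith("login attempt for nonexistent user"):
            stats[ip]["bad_user_times"].append(when)
        elif msg.startswith("exit before auth"):
            stats[ip]["preauth_exit"] += 1
    return dict(stats)

def flagged(stats, threshold=2, window=timedelta(seconds=60)):
    """Sources with at least `threshold` bad-user attempts inside one sliding window."""
    out = []
    for ip, s in stats.items():
        t = s["bad_user_times"]  # already in log order
        if any(t[i + threshold - 1] - t[i] <= window
               for i in range(len(t) - threshold + 1)):
            out.append(ip)
    return sorted(out)
```
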
