[Wien] alle anfragen über eine (meine) ip... wo ist der fehler

Felix Ehritz (spam-protected)
So Okt 10 14:13:16 CEST 2010


servus!
problem:
betreiber von bisamberg teilte mit, dass über meinen router ssh login
versuche kommen.
habe mir jetzt das log von meinem server (der vormals mit olsr am knoten
angebunden war und jetzt via hna-anounce von 78.41.112.82) angesehen:

ein ergebnis: das ist eindeutig nicht von meinem router:

[Sat Oct 09 17:30:53 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpmyadmin
[Sat Oct 09 17:30:53 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin
[Sat Oct 09 17:30:53 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/db
[Sat Oct 09 17:30:53 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/web
[Sat Oct 09 17:30:53 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/PMA
[Sat Oct 09 17:30:53 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/mysql
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/myadmin
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/webadmin
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/sqlweb
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/websql
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/webdb
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/mysqladmin
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/mysql-admin
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpmyadmin2
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/php-my-admin
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.2.3
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.2.6
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.5.1
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.5.4
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.5.6
[Sat Oct 09 17:30:54 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.6.0
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.6.0-pl1
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.6.2-rc1
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.6.3
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.6.3-pl1
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/phpMyAdmin-2.6.3-rc1
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/padmin
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/datenbank
[Sat Oct 09 17:30:55 2010] [error] [client 78.41.112.82] File does not
exist: /home/www/database
____________________________________________________________________________
___________________________________
zur erinerung:
das war von Bisamberg:

Betreff: bad password attempts von Deinem Router v1.hp4
Lieber Felixxxl!

Ich habe mir soeben das System-Log (siehe unten) auf meinem Router
bisamtocity.bisam (193.238.158.49) angesehen und festgestellt, dass von
Deinem Router v1.hp4 (78.41.112.83) bad password attempts kommen dürften....


Sep 21 18:08:22 (none) kern.warn dropbear[16281]: bad password attempt for
'root' from 78.41.112.83:4526
Sep 21 18:08:23 (none) kern.info dropbear[15820]: exit before auth: error
reading: Connection reset by peer
Sep 21 18:08:23 (none) kern.info dropbear[16281]: exit before auth (user
'root', 1 fails): Disconnect received
Sep 21 18:08:26 (none) kern.info dropbear[16321]: Child connection from
78.41.112.83:4711
Sep 21 18:08:29 (none) kern.warn dropbear[16321]: bad password attempt for
'root' from 78.41.112.83:4711
Sep 21 18:08:30 (none) kern.info dropbear[16321]: exit before auth (user
'root', 1 fails): Disconnect received
Sep 21 18:08:30 (none) kern.info dropbear[16334]: Child connection from
78.41.112.83:4864
Sep 21 18:08:37 (none) kern.warn dropbear[16334]: bad password attempt for
'root' from 78.41.112.83:4864
Sep 21 18:08:38 (none) kern.info dropbear[16334]: exit before auth (user
'root', 1 fails): Disconnect received
Sep 21 18:08:38 (none) kern.info dropbear[16356]: Child connection from
78.41.112.83:1064
Sep 21 18:09:26 (none) kern.info dropbear[16553]: Child connection from
78.41.112.83:1819
Sep 21 18:09:32 (none) kern.warn dropbear[16553]: bad password attempt for
'root' from 78.41.112.83:1819
Sep 21 18:09:33 (none) kern.info dropbear[16553]: exit before auth (user
'root', 1 fails): Disconnect received
Sep 21 18:09:33 (none) kern.info dropbear[16572]: Child connection from
78.41.112.83:1918
____________________________________________________________________________
____________________________________
ich habe 2 devices.. deshalb die unterschiedlichen ips.
beide router gleiche konfig, und beide rputer geben alles so weiter als
würde es von ihnen kommen.... zumindest sagen das die logs.

kann das was mit den häckchen bei MASQ was zu tun haben?
habe bei den firewall-einstellungen auf allen interfaces MASQ gesetzt.

auf beiden geräten ist:
OpenWrt Firmware
Kamikaze (r18471)
Last: 0.63 0.27 0.14





Mehr Informationen über die Mailingliste Wien