Blokuje se mi IP proc? VYRESENO

[Lipo]

Mam router na kterej se hlasim pres ssh jako root ale po nejakem case tak tyden +- se mi zablokuje ip a nechce me to tam pustit ani ftp nejde tak si to musim na stroji ze ktereho se tam hlasim nastavit jiny a pak to de .Nevite cim to je

[Gargamel]

Hmmm a hledal jsi v logach? Neco tak urcite bude proc to nechce chodit... Treba vyprsela platnost DHCP a na novy pozadavek uz odpoved nedosla...
Jak se to presne projevuje?

[Lipo]

no zniceho nic prestane jit ftp na ten komp nemuzu setam ani prihlastit pres ssh pouzivam puty a to vytuhne . Kdyz zmenim ip tak mi to jede v pohode .
A logy kde presne sou ?

[Lipo]

a jeste treba sem tam rano dneska byl a tak za hodinku to prestalo jit

[Lopan]

logy jsou vetsinou ve /var/log.....

[Gargamel]

no zniceho nic prestane jit ftp na ten komp nemuzu setam ani prihlastit pres ssh pouzivam puty a to vytuhne . Kdyz zmenim ip tak mi to jede v pohode .
A logy kde presne sou ?

Logy sou zaklad, pokud je pravidelne nesledujes nebo nemas nejakeho demona ktery ti je presrotuje a posle na mejl, tak nevis co se v tom systemu deje. Pak muze lehce nastat situace kdy ti nekde neco nejede atd...

[Lipo]

Uz vinm cim to asi bylo zkousel jsem ho skenovat z klienta a asi mi to bloknul nevite kde se to da zas povolit ??
tady je cast logu od kdy to slo a pak uz ne .

Jan 15 12:45:54 moon sshd[620]: Accepted password for root from 10.2.3.5 port 1146
Jan 15 12:45:54 moon sshd[620]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 12:45:54 moon sshd[620]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 12:45:54 moon sshd[622]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 12:45:54 moon sshd[622]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 12:56:11 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 143
Jan 15 12:56:11 moon portsentry[584]: attackalert: Host 10.2.3.5 has been blocked via wrappers with string: "ALL: 10.2.3.5"
Jan 15 12:56:11 moon portsentry[584]: attackalert: Host 10.2.3.5 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 10.2.3.5 -j DENY -l"
Jan 15 12:56:14 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 143
Jan 15 12:56:14 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 12:56:15 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 119
Jan 15 12:56:15 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 12:56:17 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 119
Jan 15 12:56:17 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 12:56:19 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 119
Jan 15 12:56:19 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 15:01:02 moon sshd[646]: Accepted password for root from 10.2.3.4 port 1042
Jan 15 15:01:02 moon sshd[646]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:01:02 moon sshd[646]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 15:01:02 moon sshd[648]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:01:02 moon sshd[648]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 15:16:32 moon sshd[818]: Accepted password for root from 10.2.3.4 port 1138
Jan 15 15:16:32 moon sshd[818]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:16:32 moon sshd[818]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 15:16:32 moon sshd[820]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:16:32 moon sshd[820]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 21:41:17 moon sshd[1043]: Illegal user ipo from 10.2.3.4
Jan 15 21:41:40 moon sshd[1045]: Failed password for lipo from 10.2.3.4 port 32874 ssh2
Jan 15 21:41:43 moon sshd[1045]: Accepted password for lipo from 10.2.3.4 port 32874 ssh2
Jan 15 21:41:43 moon sshd[1047]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 21:41:43 moon sshd[1047]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 21:41:43 moon sshd[1045]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 21:41:43 moon sshd[1045]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 23:07:49 moon sshd[1081]: Accepted password for root from 10.2.3.4 port 1132
Jan 15 23:07:49 moon sshd[1081]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 23:07:49 moon sshd[1081]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 23:07:49 moon sshd[1083]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 23:07:49 moon sshd[1083]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 23:15:18 moon sshd[1099]: Accepted password for root from 10.2.3.4 port

[wong]

urcite to dela (demon) attackalert
pokud to vypnes tak ti to asi bude fungovat, ale pokud to chces pouzivat, tak to bude asi potreba nastavit

[Wohmatak]

neni neco v crontabu? /etc/crontab (doufam ze to tak MDK ma)

[Lipo]

ja nemam MDK ale Vectorlinux

[Lipo]

Tak uz jsem to objevil je to v /etc/hosts.deny byly tam zablokovany vsechny ip z kterejch jsem t o skenoval takze staci odmazat a je to )