I have a router that I log in to over SSH as root, but after some time, about a week give or take, my IP gets blocked and it won't let me in; FTP doesn't work either, so I have to set a different one on the machine I log in from, and then it works. Does anyone know what causes this?
Hmm, and did you look in the logs? There will surely be something there about why it doesn't work... Maybe the DHCP lease expired and no reply came to the new request...
How exactly does it show up?
In a world without fences and walls, who needs Gates and Windows? | I hate wide monitors.
Workstation: Xeon E3-1275v5 :: Silentmaxx TwinBlock fanless :: Fujitsu D3417-B :: 32 GB ECC DDR4 :: Radeon Pro WX 2100 fanless :: Dell UP2715K :: Gentoo
Server: Xeon E3-1245v6 :: Supermicro X11SSH-F :: 32 GB ECC DDR4 :: Aquantia 5GBase-T :: 36 TB storage :: Gentoo Hardened
Well, out of nowhere FTP to that computer stops working, and I can't log in there over SSH either; I use PuTTY and it freezes. When I change the IP, it works fine.
And where exactly are the logs?
And also, for example, I was on there this morning and after about an hour it stopped working.
The logs are usually in /var/log.....
Intel C2D 4300, 1GB DDR2, 120GB Seagate, nVidia7600GT passive.
Logs are the foundation; if you don't watch them regularly, or don't have some daemon that chews through them and sends them to you by e-mail, you don't know what is going on in the system. Then you can easily end up in a situation where something somewhere doesn't work, etc...
Originally posted by Lipo
Now I know what it probably was: I tried scanning it from the client and it probably blocked me. Does anyone know where it can be allowed again??
Here is part of the log from when it worked and then no longer did.
Jan 15 12:45:54 moon sshd[620]: Accepted password for root from 10.2.3.5 port 1146
Jan 15 12:45:54 moon sshd[620]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 12:45:54 moon sshd[620]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 12:45:54 moon sshd[622]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 12:45:54 moon sshd[622]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 12:56:11 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 143
Jan 15 12:56:11 moon portsentry[584]: attackalert: Host 10.2.3.5 has been blocked via wrappers with string: "ALL: 10.2.3.5"
Jan 15 12:56:11 moon portsentry[584]: attackalert: Host 10.2.3.5 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 10.2.3.5 -j DENY -l"
Jan 15 12:56:14 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 143
Jan 15 12:56:14 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 12:56:15 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 119
Jan 15 12:56:15 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 12:56:17 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 119
Jan 15 12:56:17 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 12:56:19 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 119
Jan 15 12:56:19 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
Jan 15 15:01:02 moon sshd[646]: Accepted password for root from 10.2.3.4 port 1042
Jan 15 15:01:02 moon sshd[646]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:01:02 moon sshd[646]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 15:01:02 moon sshd[648]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:01:02 moon sshd[648]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 15:16:32 moon sshd[818]: Accepted password for root from 10.2.3.4 port 1138
Jan 15 15:16:32 moon sshd[818]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:16:32 moon sshd[818]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 15:16:32 moon sshd[820]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 15:16:32 moon sshd[820]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 21:41:17 moon sshd[1043]: Illegal user ipo from 10.2.3.4
Jan 15 21:41:40 moon sshd[1045]: Failed password for lipo from 10.2.3.4 port 32874 ssh2
Jan 15 21:41:43 moon sshd[1045]: Accepted password for lipo from 10.2.3.4 port 32874 ssh2
Jan 15 21:41:43 moon sshd[1047]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 21:41:43 moon sshd[1047]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 21:41:43 moon sshd[1045]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 21:41:43 moon sshd[1045]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 23:07:49 moon sshd[1081]: Accepted password for root from 10.2.3.4 port 1132
Jan 15 23:07:49 moon sshd[1081]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 23:07:49 moon sshd[1081]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 23:07:49 moon sshd[1083]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Jan 15 23:07:49 moon sshd[1083]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Jan 15 23:15:18 moon sshd[1099]: Accepted password for root from 10.2.3.4 port
It's definitely the attackalert (daemon) doing it.
If you turn it off it will probably work for you, but if you want to use it, it will probably need to be configured.
I don't have MDK but Vectorlinux.
So I've found it: it's in /etc/hosts.deny; all the IPs I had scanned it from were blocked there, so it's enough to delete them and that's it :)
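The diagnosis reached in this thread can be read straight out of the log: the following added example (not code from any poster) parses PortSentry `attackalert` lines and reports which host was blocked, which scanned port triggered it, and what has to be reverted. The function names are hypothetical, and the sample input is a few lines taken from the excerpt posted above.

```python
import re

# Constructed sample input: lines copied from the log excerpt posted in the thread.
SAMPLE_LOG = '''\
Jan 15 12:45:54 moon sshd[620]: Accepted password for root from 10.2.3.5 port 1146
Jan 15 12:56:11 moon portsentry[584]: attackalert: TCP SYN/Normal scan from host: 10.2.3.5/10.2.3.5 to TCP port: 143
Jan 15 12:56:11 moon portsentry[584]: attackalert: Host 10.2.3.5 has been blocked via wrappers with string: "ALL: 10.2.3.5"
Jan 15 12:56:11 moon portsentry[584]: attackalert: Host 10.2.3.5 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 10.2.3.5 -j DENY -l"
Jan 15 12:56:14 moon portsentry[584]: attackalert: Host: 10.2.3.5/10.2.3.5 is already blocked Ignoring
'''

PREFIX = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ portsentry\[\d+\]: attackalert: (.*)$')
SCAN = re.compile(r'scan from host: (\S+?)/\S+ to (TCP|UDP) port: (\d+)')
BLOCK = re.compile(r'Host (\S+) has been blocked via '
                   r'(wrappers with string|dropped route using command): "(.*)"')

def portsentry_blocks(log_text):
    """Map each blocked IP to when, why and how PortSentry blocked it."""
    last_scan, blocks = {}, {}
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a portsentry line (e.g. sshd)
        when, msg = m.groups()
        scan = SCAN.search(msg)
        if scan:  # remember the most recent port this host probed
            last_scan[scan.group(1)] = f"{scan.group(2)}/{scan.group(3)}"
        blk = BLOCK.search(msg)
        if blk:
            ip, how, arg = blk.groups()
            entry = blocks.setdefault(ip, {"since": when, "trigger": last_scan.get(ip),
                                           "hosts_deny": [], "filter_cmds": []})
            key = "hosts_deny" if how.startswith("wrappers") else "filter_cmds"
            entry[key].append(arg)
    return blocks

def undo_steps(blocks):
    """List what an admin has to revert to unblock each host."""
    steps = []
    for b in blocks.values():
        steps += [f'remove line "{l}" from /etc/hosts.deny' for l in b["hosts_deny"]]
        # Assumption: the logged rule is deleted by swapping ipchains -I (insert) for -D (delete).
        steps += [c.replace(" -I ", " -D ", 1) for c in b["filter_cmds"]]
    return steps

if __name__ == "__main__":
    for step in undo_steps(portsentry_blocks(SAMPLE_LOG)):
        print(step)
```

To keep an administration workstation from being locked out again, PortSentry can be told to ignore it through its ignore file (`portsentry.ignore`; the location depends on the installation).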