Intruders?



  • sshd[63106]: Failed password for invalid user test from 211.92.149.147 port 43668 ssh2
    Dec 13 20:05:18 sshd[63106]: Invalid user test from 211.92.149.147
    Dec 13 20:05:15 sshd[63092]: Failed password for invalid user oracle from 211.92.149.147 port 43341 ssh2
    Dec 13 20:05:15 sshd[63092]: Invalid user oracle from 211.92.149.147
    Dec 13 20:05:12 sshd[63025]: Failed password for root from 211.92.149.147 port 43088 ssh2
    Dec 13 20:05:09 sshd[63022]: Failed password for root from 211.92.149.147 port 42769 ssh2
    Dec 13 20:05:06 sshd[63019]: Failed password for root from 211.92.149.147 port 42498 ssh2
    Dec 13 20:05:03 sshd[63017]: Failed password for root from 211.92.149.147 port 42223 ssh2
    Dec 13 20:04:59 sshd[63003]: Failed password for root from 211.92.149.147 port 41976 ssh2
    Dec 13 20:04:56 sshd[62988]: Failed password for root from 211.92.149.147 port 41711 ssh2
    Dec 13 20:04:53 sshd[62985]: Failed password for root from 211.92.149.147 port 41440 ssh2
    Dec 13 20:04:50 sshd[62982]: Failed password for root from 211.92.149.147 port 41203 ssh2
    Dec 13 20:04:47 sshd[62980]: Failed password for root from 211.92.149.147 port 40910 ssh2
    Dec 13 20:04:44 sshd[62977]: Failed password for root from 211.92.149.147 port 40662 ssh2
    Dec 13 20:04:41 sshd[62974]: Failed password for root from 211.92.149.147 port 40403 ssh2
    Dec 13 20:04:37 sshd[62972]: Failed password for root from 211.92.149.147 port 40158 ssh2
    Dec 13 20:04:34 sshd[62969]: Failed password for root from 211.92.149.147 port 39892 ssh2
    Dec 13 19:49:00 dnsmasq[59538]: reading /var/dhcpd/var/db/dhcpd.leases
    Dec 13 19:34:48 check_reload_status: reloading filter
    Dec 13 19:34:45 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Dec 13 19:34:45 dhcpd: All rights reserved.
    Dec 13 19:34:45 dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Dec 13 19:34:45 dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Dec 13 19:34:44 dnsmasq[59538]: read /etc/hosts - 2 addresses
    Dec 13 19:34:44 dnsmasq[59538]: using nameserver 208.67.220.220#53
    Dec 13 19:34:44 dnsmasq[59538]: using nameserver 208.133.206.44#53
    Dec 13 19:34:43 dnsmasq[59538]: reading /etc/resolv.conf
    Dec 13 19:34:43 dnsmasq[59538]: reading /var/dhcpd/var/db/dhcpd.leases
    Dec 13 19:34:43 dnsmasq[59538]: compile time options: IPv6 GNU-getopt BSD-bridge ISC-leasefile no-DBus no-I18N TFTP
    Dec 13 19:34:43 dnsmasq[59538]: started, version 2.45 cachesize 150
    Dec 13 19:34:42 dnsmasq[59096]: exiting on receipt of SIGTERM
    Dec 13 19:34:42 dnsmasq[59096]: using nameserver 208.67.220.220#53
    Dec 13 19:34:42 dnsmasq[59096]: using nameserver 208.133.206.44#53
    Dec 13 19:34:42 dnsmasq[59096]: reading /etc/resolv.conf
    Dec 13 19:34:42 dnsmasq[59096]: reading /var/dhcpd/var/db/dhcpd.leases
    Dec 13 19:34:42 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Dec 13 19:34:42 dhcpd: All rights reserved.
    Dec 13 19:34:42 dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Dec 13 19:34:42 dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Dec 13 19:32:50 check_reload_status: reloading filter
    Dec 13 19:32:45 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Dec 13 19:32:45 dhcpd: All rights reserved.
    Dec 13 19:32:45 dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Dec 13 19:32:45 dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Dec 13 19:32:44 dnsmasq[59096]: read /etc/hosts - 2 addresses
    Dec 13 19:32:44 dnsmasq[59096]: using nameserver 208.67.220.220#53
    Dec 13 19:32:44 dnsmasq[59096]: using nameserver 208.133.206.44#53
    Dec 13 19:32:44 dnsmasq[59096]: reading /etc/resolv.conf
    Dec 13 19:32:44 dnsmasq[59096]: reading /var/dhcpd/var/db/dhcpd.leases
    Dec 13 19:32:44 dnsmasq[59096]: compile time options: IPv6 GNU-getopt BSD-bridge ISC-leasefile no-DBus no-I18N TFTP
    Dec 13 19:32:44 dnsmasq[59096]: started, version 2.45 cachesize 150
    Dec 13 19:32:43 dnsmasq[536]: exiting on receipt of SIGTERM
    Dec 13 19:32:43 dnsmasq[536]: using nameserver 208.67.220.220#53
    Dec 13 19:32:43 dnsmasq[536]: using nameserver 208.133.206.44#53
    Dec 13 19:32:43 dnsmasq[536]: reading /etc/resolv.conf
    Dec 13 19:32:43 dnsmasq[536]: reading /var/dhcpd/var/db/dhcpd.leases
    Dec 13 19:32:43 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Dec 13 19:32:43 dhcpd: All rights reserved.
    Dec 13 19:32:43 dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Dec 13 19:32:43 dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Dec 13 18:16:15 sshd[50728]: Did not receive identification string from 140.116.91.23
    Dec 13 18:16:01 sshd[50724]: Failed password for root from 140.116.91.23 port 52190 ssh2
    Dec 13 18:15:58 sshd[50721]: Failed password for root from 140.116.91.23 port 51783 ssh2
    Dec 13 18:15:54 sshd[50718]: Failed password for root from 140.116.91.23 port 51414 ssh2
    Dec 13 18:15:50 sshd[50716]: Failed password for root from 140.116.91.23 port 51216 ssh2
    Dec 13 18:15:48 sshd[50713]: Failed password for root from 140.116.91.23 port 50860 ssh2
    Dec 13 18:15:45 sshd[50711]: Failed password for root from 140.116.91.23 port 50734 ssh2
    Dec 13 18:15:42 sshd[50708]: Failed password for root from 140.116.91.23 port 50313 ssh2
    Dec 13 18:15:38 sshd[50692]: Failed password for root from 140.116.91.23 port 49947 ssh2
    Dec 13 18:15:34 sshd[50689]: Failed password for root from 140.116.91.23 port 49551 ssh2
    Dec 13 18:15:31 sshd[50687]: Failed password for root from 140.116.91.23 port 49261 ssh2
    Dec 13 18:15:27 sshd[50675]: Failed password for root from 140.116.91.23 port 48865 ssh2
    Dec 13 18:15:25 sshd[50658]: Failed password for root from 140.116.91.23 port 48668 ssh2
    Dec 13 18:15:22 sshd[50603]: Failed password for root from 140.116.91.23 port 48292 ssh2
    Dec 13 18:15:19 sshd[50600]: Failed password for root from 140.116.91.23 port 47763 ssh2
    Dec 13 18:15:16 sshd[50598]: Failed password for root from 140.116.91.23 port 47357 ssh2
    Dec 13 18:15:12 sshd[50595]: Failed password for root from 140.116.91.23 port 46859 ssh2
    Dec 13 18:15:09 sshd[50593]: Failed password for root from 140.116.91.23 port 46638 ssh2
    Dec 13 18:15:06 sshd[50590]: Failed password for root from 140.116.91.23 port 45818 ssh2
    Dec 13 18:15:01 sshd[50576]: Failed password for root from 140.116.91.23 port 45583 ssh2
    Dec 13 18:14:57 sshd[50573]: Failed password for root from 140.116.91.23 port 45134 ssh2
    Dec 13 18:14:53 sshd[50570]: Failed password for root from 140.116.91.23 port 44740 ssh2
    Dec 13 18:14:49 sshd[50567]: Failed password for root from 140.116.91.23 port 44207 ssh2
    Dec 13 18:14:45 sshd[50552]: Failed password for root from 140.116.91.23 port 43910 ssh2
    Dec 13 18:14:42 sshd[50549]: Failed password for root from 140.116.91.23 port 43536 ssh2
    Dec 13 18:14:39 sshd[50547]: Failed password for root from 140.116.91.23 port 43433 ssh2
    Dec 13 18:14:36 sshd[50544]: Failed password for root from 140.116.91.23 port 43048 ssh2
    Dec 13 18:14:33 sshd[50541]: Failed password for root from 140.116.91.23 port 42619 ssh2
    Dec 13 18:14:29 sshd[50538]: Failed password for root from 140.116.91.23 port 42248 ssh2
    Dec 13 18:14:25 sshd[50527]: Failed password for root from 140.116.91.23 port 42111 ssh2
    Dec 13 18:14:22 sshd[50457]: Failed password for root from 140.116.91.23 port 41674 ssh2
    Dec 13 18:14:18 sshd[50454]: Failed password for root from 140.116.91.23 port 41304 ssh2
    Dec 13 18:14:14 sshd[50451]: Failed password for root from 140.116.91.23 port 40875 ssh2
    Dec 13 18:14:10 sshd[50449]: Failed password for root from 140.116.91.23 port 40638 ssh2
    Dec 13 18:14:06 sshd[50434]: Failed password for root from 140.116.91.23 port 40235 ssh2
    Dec 13 18:14:03 sshd[50431]: Failed password for root from 140.116.91.23 port 39693 ssh2
    Dec 13 18:13:57 sshd[50428]: Failed password for root from 140.116.91.23 port 39351 ssh2
    Dec 13 18:13:54 sshd[50425]: Failed password for root from 140.116.91.23 port 38873 ssh2
    Dec 13 18:13:50 sshd[50410]: Failed password for root from 140.116.91.23 port 38633 ssh2
    Dec 13 18:13:47 sshd[50407]: Failed password for invalid user teste from 140.116.91.23 port 38296 ssh2
    Dec 13 18:13:47 sshd[50407]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:44 sshd[50405]: Failed password for invalid user teste from 140.116.91.23 port 38099 ssh2
    Dec 13 18:13:44 sshd[50405]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:42 sshd[50402]: Failed password for invalid user teste from 140.116.91.23 port 37642 ssh2
    Dec 13 18:13:42 sshd[50402]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:38 sshd[50399]: Failed password for invalid user teste from 140.116.91.23 port 37232 ssh2
    Dec 13 18:13:38 sshd[50399]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:34 sshd[50396]: Failed password for invalid user teste from 140.116.91.23 port 36733 ssh2
    Dec 13 18:13:34 sshd[50396]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:30 sshd[50394]: Failed password for invalid user teste from 140.116.91.23 port 36473 ssh2
    Dec 13 18:13:30 sshd[50394]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:26 sshd[50382]: Failed password for invalid user teste from 140.116.91.23 port 36028 ssh2
    Dec 13 18:13:26 sshd[50382]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:22 sshd[50333]: Failed password for invalid user teste from 140.116.91.23 port 35502 ssh2
    Dec 13 18:13:22 sshd[50333]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:18 sshd[50309]: Failed password for invalid user teste from 140.116.91.23 port 35033 ssh2
    Dec 13 18:13:18 sshd[50309]: Invalid user teste from 140.116.91.23
    Dec 13 18:13:15 sshd[50307]: Failed password for root from 140.116.91.23 port 34855 ssh2
    Dec 13 18:13:12 sshd[50304]: Failed password for root from 140.116.91.23 port 34435 ssh2
    Dec 13 18:13:08 sshd[50301]: Failed password for root from 140.116.91.23 port 34059 ssh2
    Dec 13 18:13:05 sshd[50299]: Failed password for root from 140.116.91.23 port 33865 ssh2
    Dec 13 18:13:02 sshd[50296]: Failed password for root from 140.116.91.23 port 33413 ssh2
    Dec 13 18:12:58 sshd[50293]: Failed password for root from 140.116.91.23 port 32904 ssh2
    Dec 13 18:12:54 sshd[50277]: Failed password for root from 140.116.91.23 port 60705 ssh2
    Dec 13 18:12:50 sshd[50275]: Failed password for root from 140.116.91.23 port 60579 ssh2
    Dec 13 18:12:47 sshd[50272]: Failed password for root from 140.116.91.23 port 60059 ssh2
    Dec 13 18:12:43 sshd[50269]: Failed password for root from 140.116.91.23 port 59584 ssh2
    Dec 13 18:12:39 sshd[50267]: Failed password for root from 140.116.91.23 port 59070 ssh2
    Dec 13 18:12:36 sshd[50264]: Failed password for root from 140.116.91.23 port 58949 ssh2
    Dec 13 18:12:33 sshd[50261]: Failed password for root from 140.116.91.23 port 58463 ssh2
    Dec 13 18:12:29 sshd[50258]: Failed password for root from 140.116.91.23 port 57970 ssh2
    Dec 13 18:12:25 sshd[50256]: Failed password for root from 140.116.91.23 port 57768 ssh2
    Dec 13 18:12:21 sshd[50244]: Failed password for root from 140.116.91.23 port 57353 ssh2
    Dec 13 18:12:19 sshd[50174]: Failed password for root from 140.116.91.23 port 56877 ssh2
    Dec 13 18:12:15 sshd[50172]: Failed password for root from 140.116.91.23 port 56350 ssh2
    Dec 13 18:12:11 sshd[50169]: Failed password for root from 140.116.91.23 port 56226 ssh2
    Dec 13 18:12:07 sshd[50166]: Failed password for root from 140.116.91.23 port 55774 ssh2
    Dec 13 18:12:05 sshd[50164]: Failed password for root from 140.116.91.23 port 55280 ssh2
    Dec 13 18:12:01 sshd[50160]: Failed password for root from 140.116.91.23 port 55140 ssh2
    Dec 13 18:11:57 sshd[50145]: Failed password for root from 140.116.91.23 port 54723 ssh2
    Dec 13 18:11:54 sshd[50143]: Failed password for root from 140.116.91.23 port 54232 ssh2
    Dec 13 18:11:51 sshd[50140]: Failed password for root from 140.116.91.23 port 54144 ssh2
    Dec 13 18:11:48 sshd[50137]: Failed password for root from 140.116.91.23 port 53638 ssh2
    Dec 13 18:11:44 sshd[50135]: Failed password for root from 140.116.91.23 port 53160 ssh2
    Dec 13 18:11:41 sshd[50132]: Failed password for root from 140.116.91.23 port 53031 ssh2
    Dec 13 18:11:37 sshd[50129]: Failed password for root from 140.116.91.23 port 52531 ssh2
    Dec 13 18:11:33 sshd[50126]: Failed password for root from 140.116.91.23 port 52017 ssh2
    Dec 13 18:11:30 sshd[50124]: Failed password for root from 140.116.91.23 port 51916 ssh2
    Dec 13 18:11:27 sshd[50121]: Failed password for root from 140.116.91.23 port 51429 ssh2
    Dec 13 18:11:23 sshd[50118]: Failed password for root from 140.116.91.23 port 50894 ssh2
    Dec 13 18:11:20 sshd[50105]: Failed password for root from 140.116.91.23 port 50805 ssh2
    Dec 13 18:11:17 sshd[50037]: Failed password for root from 140.116.91.23 port 50287 ssh2
    Dec 13 18:11:13 sshd[50034]: Failed password for root from 140.116.91.23 port 49795 ssh2
    Dec 13 18:11:10 sshd[50032]: Failed password for invalid user postgres from 140.116.91.23 port 49671 ssh2
    Dec 13 18:11:10 sshd[50032]: Invalid user postgres from 140.116.91.23
    Dec 13 18:11:07 sshd[50029]: Failed password for invalid user postgres from 140.116.91.23 port 49214 ssh2
    Dec 13 18:11:07 sshd[50029]: Invalid user postgres from 140.116.91.23
    Dec 13 18:11:04 sshd[50013]: Failed password for invalid user oracle from 140.116.91.23 port 48679 ssh2
    Dec 13 18:11:04 sshd[50013]: Invalid user oracle from 140.116.91.23
    Dec 13 18:11:00 sshd[50011]: Failed password for invalid user oracle from 140.116.91.23 port 48137 ssh2
    Dec 13 18:11:00 sshd[50011]: Invalid user oracle from 140.116.91.23
    Dec 13 18:10:56 sshd[50008]: Failed password for invalid user oracle from 140.116.91.23 port 48092 ssh2
    Dec 13 18:10:56 sshd[50008]: Invalid user oracle from 140.116.91.23
    Dec 13 18:10:54 sshd[50005]: Failed password for root from 140.116.91.23 port 48001 ssh2
    Dec 13 18:10:50 sshd[50003]: Failed password for root from 140.116.91.23 port 47877 ssh2
    Dec 13 18:10:44 sshd[50000]: Failed password for root from 140.116.91.23 port 47819 ssh2
    Dec 13 18:10:41 sshd[49997]: Failed password for root from 140.116.91.23 port 47750 ssh2
    Dec 13 18:10:38 sshd[49994]: Failed password for root from 140.116.91.23 port 47701 ssh2
    Dec 13 18:10:35 sshd[49992]: Failed password for root from 140.116.91.23 port 47630 ssh2
    Dec 13 18:10:33 sshd[49989]: Failed password for root from 140.116.91.23 port 47553 ssh2
    Dec 13 18:10:29 sshd[49986]: Failed password for root from 140.116.91.23 port 47464 ssh2
    Dec 13 18:10:25 sshd[49984]: Failed password for root from 140.116.91.23 port 47401 ssh2
    Dec 13 18:10:22 sshd[49981]: Failed password for root from 140.116.91.23 port 47316 ssh2
    Dec 13 18:10:19 sshd[49970]: Failed password for root from 140.116.91.23 port 47246 ssh2
    Dec 13 18:10:16 sshd[49900]: Failed password for root from 140.116.91.23 port 47150 ssh2
    Dec 13 18:10:12 sshd[49897]: Failed password for root from 140.116.91.23 port 47045 ssh2
    Dec 13 18:10:08 sshd[49869]: Failed password for root from 140.116.91.23 port 46853 ssh2
    Dec 13 18:10:04 sshd[49867]: Failed password for root from 140.116.91.23 port 46666 ssh2
    Dec 13 18:10:02 sshd[49853]: Failed password for root from 140.116.91.23 port 46391 ssh2
    Dec 13 17:57:29 sshd[48541]: Did not receive identification string from 140.116.91.23
    Dec 13 16:21:10 sshd[38357]: Failed password for invalid user test from 211.92.149.147 port 59236 ssh2
    Dec 13 16:21:10 sshd[38357]: Invalid user test from 211.92.149.147
    Dec 13 16:21:07 sshd[38355]: Failed password for invalid user oracle from 211.92.149.147 port 58877 ssh2
    Dec 13 16:21:07 sshd[38355]: Invalid user oracle from 211.92.149.147
    Dec 13 16:21:03 sshd[38352]: Failed password for root from 211.92.149.147 port 58571 ssh2
    Dec 13 16:21:00 sshd[38349]: Failed password for root from 211.92.149.147 port 58276 ssh2
    Dec 13 16:20:57 sshd[38347]: Failed password for root from 211.92.149.147 port 57946 ssh2
    Dec 13 16:20:53 sshd[38344]: Failed password for root from 211.92.149.147 port 57640 ssh2
    Dec 13 16:20:50 sshd[38328]: Failed password for root from 211.92.149.147 port 57359 ssh2
    Dec 13 16:20:47 sshd[38326]: Failed password for root from 211.92.149.147 port 57124 ssh2
    Dec 13 16:20:44 sshd[38323]: Failed password for root from 211.92.149.147 port 56858 ssh2

    What do these logs mean? Are they trying to get into my network, or are these internal login attempts to other sites?



  • These are SSH attempts against your server

    A dictionary attack

    Do you have SSH enabled?



  • Yes, I do have it enabled. What do you mean by a dictionary attack?



  • Hello!

    It is not advisable to expose SSH on the Internet on port 22 unless it is equipped with tools that block attacks of the kind you are experiencing.

    If you cannot change the port (of the SSH service you have), you need to give your SSH server a protection tool. For example:

    http://www.freebsd.org/cgi/url.cgi?ports/security/bruteforceblocker/pkg-descr

    Regards,

    Josep Pujadas
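
One way to spot the pattern in the log posted above is to count failed SSH passwords per source address inside a short time window. This is an added example, not part of any post in the thread and not the code of the linked tool; the function name, the threshold of 5 failures, the 60-second window and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same syslog layout as the log in the thread;
# addresses are from the documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Dec 13 18:10:02 sshd[101]: Failed password for root from 203.0.113.7 port 46391 ssh2
Dec 13 18:10:05 sshd[102]: Failed password for root from 203.0.113.7 port 46666 ssh2
Dec 13 18:10:08 sshd[103]: Invalid user oracle from 203.0.113.7
Dec 13 18:10:08 sshd[103]: Failed password for invalid user oracle from 203.0.113.7 port 46853 ssh2
Dec 13 18:10:11 sshd[104]: Failed password for invalid user test from 203.0.113.7 port 47045 ssh2
Dec 13 18:10:14 sshd[105]: Failed password for root from 203.0.113.7 port 47150 ssh2
Dec 13 18:20:00 sshd[200]: Failed password for admin from 198.51.100.20 port 50000 ssh2
Dec 13 18:45:00 sshd[201]: Failed password for admin from 198.51.100.20 port 50001 ssh2
Dec 13 19:34:43 dnsmasq[300]: reading /etc/resolv.conf
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window_s=60, year=2000):
    """Return {ip: stats} for sources with at least `threshold` failed
    passwords inside any `window_s`-second span. `stats` holds the total
    failure count and the user names (valid and invalid) that were tried."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue  # other daemons, "Invalid user" notices, etc.
        # Syslog timestamps carry no year; a leap year is assumed so that
        # every date parses and timestamps can be compared.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], bool(m["invalid"])))

    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid_users": set()})
    flagged = set()
    # The log in the thread is listed newest-first; sorting makes order irrelevant.
    for ts, ip, user, invalid in sorted(events):
        s = stats[ip]
        s["failures"] += 1
        s["users"].add(user)
        if invalid:
            s["invalid_users"].add(user)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: stats[ip] for ip in sorted(flagged)}

if __name__ == "__main__":
    for ip, s in find_bruteforce(SAMPLE_LOG).items():
        print(ip, s["failures"], sorted(s["users"]))
```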



  • A dictionary attack is a cracking method that consists of trying to find out a password by trying every word in the dictionary. This type of attack is usually more efficient than a brute-force attack, since many users tend to use an existing word in their language as a password so that the key is easy to remember, which is not a recommended practice.

    Dictionary attacks have little chance of success against systems that use strong passwords with upper- and lower-case letters mixed with numbers and any other kind of symbols. However, for most users remembering such complex passwords is difficult. There are variants that also check some of the typical substitutions (certain letters for numbers, swapping two letters, abbreviations), as well as different combinations of upper and lower case.

    Source: http://es.wikipedia.org/wiki/Ataque_de_diccionario

    I always keep SSH disabled and enable it when I need it.



  • Better to change the SSH port.
    Any 'well-known' port is attacked automatically.
    If you set a high port it is less likely; you will just have to keep it in mind on the clients that connect legitimately, so that they specify the correct port.

    Regards,
    Juanjo A.



  • Perfect, I followed the recommendation: I changed the port and I only enable it when I need it, and now I no longer have problems.

    Thanks



  • There are scan programs with which one can find out which ports are active
    ::)

