
Re: [Fwd: [Exploits] SSH Remote Root password Cracking Tool, Qt 3.x bmp Exploit ...]



Nicolas Rueff wrote:

On Wed, 25 Aug 2004 17:35:36 +0200
Mezig <nissuacfeneyrol-nospam@free.fr> wrote:

An idea, and otherwise I'm attaching a piece of info from K-Otik about Qt and especially SSH :( !

Which explains why I've been seeing rogue connection attempts on my
gateway for the past few days:

Aug 24 17:57:13 firewall sshd[7654]: Failed password for test from ::ffff:67.18.247.2 port 44207 ssh2
Aug 24 17:57:15 firewall sshd[7656]: Failed password for guest from ::ffff:67.18.247.2 port 49327 ssh2
Aug 24 17:57:18 firewall sshd[7659]: Failed password for admin from ::ffff:67.18.247.2 port 39591 ssh2
Aug 24 17:57:20 firewall sshd[7661]: Failed password for admin from ::ffff:67.18.247.2 port 56204 ssh2
Aug 24 17:57:22 firewall sshd[7664]: Failed password for illegal user user from ::ffff:67.18.247.2 port 33377 ssh2
Aug 24 17:57:25 firewall sshd[7666]: Failed password for root from ::ffff:67.18.247.2 port 60536 ssh2
Aug 24 17:57:27 firewall sshd[7669]: Failed password for root from ::ffff:67.18.247.2 port 41287 ssh2
Aug 24 17:57:29 firewall sshd[7671]: Failed password for root from ::ffff:67.18.247.2 port 54616 ssh2
Aug 24 17:57:32 firewall sshd[7674]: Failed password for test from ::ffff:67.18.247.2 port 60438 ssh2

Lol ;)
It's a technical 'warning', but from outside the Linux community :(! On the other hand, the problem could become critical before long..., given the number of servers running free OSes... :( !

Otherwise, according to spam-RBL, IP address:
67.18.247.2 .... This IP is not listed in our database ... :)!


At least you're not dealing with a spammer...; but as for that being reassuring ... ?

And otherwise, with the options

-B, --bogus-nxdomain=<ipaddr>
Transform replies which contain the IP address given into "No such domain" replies. This is intended to counteract a devious move made by Verisign in September 2003 when they started returning the address of an advertising web page in response to queries for unregistered names, instead of the correct NXDOMAIN response. This option tells dnsmasq to fake the correct response when it sees this behaviour. As at Sept 2003 the IP address being returned by Verisign is 64.94.110.11

-f, --filterwin2k
Later versions of windows make periodic DNS requests which don't get sensible answers from the public DNS and can cause problems by triggering dial-on-demand links. This flag turns on an option to filter such requests. The requests blocked are for records of types SOA and SRV, and type ANY where the requested name has underscores, to catch LDAP requests.

.... of dnsmasq, isn't there a way to do something.... ?

Note that given my level, I'm not likely to 'teach' you much ..., it would rather be the other way round :( !

Great page of yours, I read plenty of topics there that interest me... :) !

Maybe add something about ssh and especially the 'advanced' commands, if you can... :) ?

Regards

Mi
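
As an added example (not part of the original thread), this sketch parses the sshd lines quoted above and flags sources that produce a burst of failed logins, folding the `::ffff:` IPv4-mapped form to one key per host. The function names, the threshold of 5 failures per 60 seconds and the year 2004 (syslog lines carry no year; taken from the mail date) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Aug 24 17:57:13 firewall sshd[7654]: Failed password for test from ::ffff:67.18.247.2 port 44207 ssh2
Aug 24 17:57:15 firewall sshd[7656]: Failed password for guest from ::ffff:67.18.247.2 port 49327 ssh2
Aug 24 17:57:18 firewall sshd[7659]: Failed password for admin from ::ffff:67.18.247.2 port 39591 ssh2
Aug 24 17:57:20 firewall sshd[7661]: Failed password for admin from ::ffff:67.18.247.2 port 56204 ssh2
Aug 24 17:57:22 firewall sshd[7664]: Failed password for illegal user user from ::ffff:67.18.247.2 port 33377 ssh2
Aug 24 17:57:25 firewall sshd[7666]: Failed password for root from ::ffff:67.18.247.2 port 60536 ssh2
Aug 24 17:57:27 firewall sshd[7669]: Failed password for root from ::ffff:67.18.247.2 port 41287 ssh2
Aug 24 17:57:29 firewall sshd[7671]: Failed password for root from ::ffff:67.18.247.2 port 54616 ssh2
Aug 24 17:57:32 firewall sshd[7674]: Failed password for test from ::ffff:67.18.247.2 port 60438 ssh2
"""  # the nine sshd lines quoted in the message above, unchanged

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:illegal|invalid) user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def parse(log, year=2004):  # assumption: syslog omits the year, 2004 comes from the mail date
    for m in filter(None, map(FAILED.match, log.splitlines())):
        try:
            ip = ipaddress.ip_address(m["src"])
            src = str(getattr(ip, "ipv4_mapped", None) or ip)  # ::ffff:a.b.c.d -> a.b.c.d
        except ValueError:
            src = m["src"]  # sshd logged a hostname instead of an address
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, src, m["user"], bool(m["unknown"])

def guessing_sources(log, min_failures=5, window=timedelta(seconds=60)):
    """Return sources with at least min_failures failed logins inside one window."""
    per_src = defaultdict(list)
    for ts, src, user, unknown in parse(log):
        per_src[src].append((ts, user, unknown))
    report = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        burst = start = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window start forward
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= min_failures:
            report[src] = {"failures": len(events), "burst": burst,
                           "users": sorted({u for _, u, _ in events}),
                           "unknown_users": sorted({u for _, u, k in events if k})}
    return report
```

On the quoted lines this reports a single source with nine failures in 19 seconds across five account names, one of which does not exist on the host.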







