Re: [Fwd: [Exploits] SSH Remote Root password Cracking Tool, Qt 3.x bmp Exploit ...]
Nicolas Rueff wrote:
On Wed, 25 Aug 2004 17:35:36 +0200
Mezig <nissuacfeneyrol-nospam@free.fr> wrote:
1 idée et sinon, je vous joint 1 info de chez K-Otik sur QT et surtout
SSH :( !
Ce qui explique pourquoi j'ai des tentatives de connexion sauvage sur ma
passerelle depuis quelques jours:
Aug 24 17:57:13 firewall sshd[7654]: Failed password for test from ::ffff:67.18.247.2 port 44207 ssh2
Aug 24 17:57:15 firewall sshd[7656]: Failed password for guest from ::ffff:67.18.247.2 port 49327 ssh2
Aug 24 17:57:18 firewall sshd[7659]: Failed password for admin from ::ffff:67.18.247.2 port 39591 ssh2
Aug 24 17:57:20 firewall sshd[7661]: Failed password for admin from ::ffff:67.18.247.2 port 56204 ssh2
Aug 24 17:57:22 firewall sshd[7664]: Failed password for illegal user user from ::ffff:67.18.247.2 port 33377 ssh2
Aug 24 17:57:25 firewall sshd[7666]: Failed password for root from ::ffff:67.18.247.2 port 60536 ssh2
Aug 24 17:57:27 firewall sshd[7669]: Failed password for root from ::ffff:67.18.247.2 port 41287 ssh2
Aug 24 17:57:29 firewall sshd[7671]: Failed password for root from ::ffff:67.18.247.2 port 54616 ssh2
Aug 24 17:57:32 firewall sshd[7674]: Failed password for test from ::ffff:67.18.247.2 port 60438 ssh2
Lol ;)
C 1 'avertissement' technique, mais extérieur à la communauté linux :(!
Par contre le PB peut devenir critique sous peu... , vu la quantité de
serveurs sous des OS Libre... :( !
Sinon , d'après spam-RBL, Adresse IP :
67.18.247.2 .... Cette IP n'est pas recensée dans notre base ... :)!
Tu n'as déjà pas affaire à 1 spammeur... ; mais de là à te rassurer ... ?
Et sinon avec les options
-B, --bogus-nxdomain=<ipaddr>
Transform replies which contain the IP address given into
"No such domain" replies. This is intended to counteract a devious move
made by Versign
in September 2003 when they started returning the address
of an advertising web page in response to queries for unregistered
names, instead of the
correct NXDOMAIN response. This option tells dnsmasq
to fake the correct response when it sees this behaviour. As at Sept
2003 the IP address
being returnd by Verisign is 64.94.110.11
-f, --filterwin2k
Later versions of windows make periodic DNS requests which
don't get sensible answers from the public DNS and can cause problems
by triggering
dial-on-demand links. This flag turns on an option to
filter such requests. The requests blocked are for records of types SOA
and SRV, and type
ANY where the requested name has underscores, to catch
LDAP requests.
.... de dnsmask, il n'y a pas moyen de faire qque chose.... ?
Note que vu mon niveau, c'est pas à toi que je risque 'd'apprendre'
grand-chose ..., ça serai +tôt le contraire :( !
Super ta page, j'y ai lu plein de sujets qui m'intéressent... :) !
Ajoute peut-être qque chose sur ssh et surtout les commandes 'avancées',
si tu peux... :) ?
Cordialement
Mi
Reply to: