
Re: intrusion via ssh



Hello,

> Hello,
>
> Below are the contents of two logcheck reports from this morning. It
> seems to me that these are (unsuccessful :) attempts to log in to my
> machine via ssh.
>
> Can someone tell me how I should react in terms of securing the
> machine, identification (commands) and enforcement (abuse)?

1/ Do not allow logging in directly as root over SSH
2/ Put the IPs in host.deny
3/ Trace the IPs
4/ Monitor the logs
5/ Mail the IP's provider
6/ Keep the logs

That's what I can tell you. There are certainly other things to do ;)

++

>
> Log from 5:02:
>
> Security Events
> =-=-=-=-=-=-=-
> Mar 23 04:46:03 GDem3 sshd[11168]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50152 ssh2
> Mar 23 04:46:06 GDem3 sshd[11174]: Failed password for illegal user guest from ::ffff:211.176.33.46 port 50252 ssh2
> Mar 23 04:46:08 GDem3 sshd[11176]: Illegal user admin from ::ffff:211.176.33.46
> Mar 23 04:46:08 GDem3 sshd[11176]: Failed password for illegal user admin from ::ffff:211.176.33.46 port 50344 ssh2
> Mar 23 04:46:11 GDem3 sshd[11182]: Illegal user admin from ::ffff:211.176.33.46
> Mar 23 04:46:11 GDem3 sshd[11182]: Failed password for illegal user admin from ::ffff:211.176.33.46 port 50439 ssh2
> Mar 23 04:46:14 GDem3 sshd[11184]: Failed password for illegal user user from ::ffff:211.176.33.46 port 50526 ssh2
> Mar 23 04:46:17 GDem3 sshd[11190]: Failed password for root from ::ffff:211.176.33.46 port 50618 ssh2
> Mar 23 04:46:20 GDem3 sshd[11192]: Failed password for root from ::ffff:211.176.33.46 port 50711 ssh2
> Mar 23 04:46:23 GDem3 sshd[11199]: Failed password for root from ::ffff:211.176.33.46 port 50797 ssh2
> Mar 23 04:46:26 GDem3 sshd[11201]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50890 ssh2
>
> System Events
> =-=-=-=-=-=-
> Mar 23 04:46:03 GDem3 sshd[11168]: Illegal user test from ::ffff:211.176.33.46
> Mar 23 04:46:03 GDem3 sshd[11168]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:06 GDem3 sshd[11174]: Illegal user guest from ::ffff:211.176.33.46
> Mar 23 04:46:06 GDem3 sshd[11174]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:08 GDem3 sshd[11176]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:11 GDem3 sshd[11182]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:14 GDem3 sshd[11184]: Illegal user user from ::ffff:211.176.33.46
> Mar 23 04:46:14 GDem3 sshd[11184]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:26 GDem3 sshd[11201]: Illegal user test from ::ffff:211.176.33.46
> Mar 23 04:46:26 GDem3 sshd[11201]: error: Could not get shadow information for NOUSER
>
>
>
> Log from 10:02:
>
> Security Events
> =-=-=-=-=-=-=-
> Mar 23 09:11:39 GDem3 sshd[27590]: Failed password for root from ::ffff:62.193.236.45 port 45567 ssh2
> Mar 23 09:11:40 GDem3 sshd[27592]: Failed password for root from ::ffff:62.193.236.45 port 45687 ssh2
> Mar 23 09:11:41 GDem3 sshd[27594]: Failed password for root from ::ffff:62.193.236.45 port 45769 ssh2
> Mar 23 09:11:42 GDem3 sshd[27596]: Failed password for root from ::ffff:62.193.236.45 port 45851 ssh2
> Mar 23 09:11:42 GDem3 sshd[27598]: Failed password for root from ::ffff:62.193.236.45 port 45936 ssh2
> Mar 23 09:11:43 GDem3 sshd[27600]: Failed password for root from ::ffff:62.193.236.45 port 46006 ssh2
> Mar 23 09:11:44 GDem3 sshd[27602]: Failed password for root from ::ffff:62.193.236.45 port 46076 ssh2
> Mar 23 09:11:44 GDem3 sshd[27608]: Failed password for root from ::ffff:62.193.236.45 port 46156 ssh2
>
>
> GD
>
>
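
Steps 2 to 4 of the reply (deny the IPs, trace them, watch the logs) need the offending sources pulled out of sshd lines like the ones quoted. The following is an added example, not part of the original message: it counts failed passwords per source and emits `/etc/hosts.deny` entries. The function names, the threshold of 2 and the sample lines (documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the format of the quoted logcheck report
# (documentation addresses, not the addresses from the thread).
SAMPLE_LOG = """\
Mar 23 04:46:03 host sshd[11168]: Illegal user test from ::ffff:203.0.113.46
Mar 23 04:46:03 host sshd[11168]: Failed password for illegal user test from ::ffff:203.0.113.46 port 50152 ssh2
Mar 23 04:46:06 host sshd[11174]: Failed password for illegal user guest from ::ffff:203.0.113.46 port 50252 ssh2
Mar 23 04:46:17 host sshd[11190]: Failed password for root from ::ffff:203.0.113.46 port 50618 ssh2
Mar 23 09:11:39 host sshd[27590]: Failed password for root from ::ffff:198.51.100.45 port 45567 ssh2
Mar 23 09:11:40 host sshd[27592]: Failed password for root from 198.51.100.45 port 45687 ssh2
Mar 23 09:12:01 host sshd[27700]: Accepted password for gd from 192.0.2.10 port 40000 ssh2
"""

# Older sshd logs "illegal user", newer releases log "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<addr>\S+) port \d+"
)

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)

def summarize(log_text):
    """Return {ip: {"count", "users", "root"}} for failed password attempts."""
    stats = defaultdict(lambda: {"count": 0, "users": set(), "root": False})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        entry = stats[normalize(m["addr"])]
        entry["count"] += 1
        entry["users"].add(m["user"])
        # "root" without the illegal-user marker means the real root account
        entry["root"] |= m["user"] == "root" and not m["bad"]
    return dict(stats)

def hosts_deny_lines(stats, threshold=2):
    """TCP-wrappers entries for sources at or above the failure threshold."""
    return [f"sshd: {ip}" for ip, s in sorted(stats.items()) if s["count"] >= threshold]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["count"], sorted(s["users"]), "root targeted" if s["root"] else "")
    print("\n".join(hosts_deny_lines(summarize(SAMPLE_LOG))))
```

Normalizing the `::ffff:` prefix matters because the same source can appear in both mapped and plain form, and the per-source count would otherwise be split across two keys.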



