logwatch logs
Looking at the logwatch log,
you can see a persistent attack coming from a single IP address, like this:
--------------------- pam_unix Begin ------------------------
(omitted)
sshd:
Authentication Failures:
unknown (118.98.221.205): 2911 Time(s)
root (118.98.221.205): 43 Time(s)
mysql (118.98.221.205): 17 Time(s)
list (118.98.221.205): 12 Time(s)
uucp (118.98.221.205): 5 Time(s)
backup (118.98.221.205): 4 Time(s)
irc (118.98.221.205): 4 Time(s)
postfix (118.98.221.205): 4 Time(s)
nobody (118.98.221.205): 1 Time(s)
sys (118.98.221.205): 1 Time(s)
www-data (118.98.221.205): 1 Time(s)
Invalid Users:
Unknown Account: 2911 Time(s)
---------------------- pam_unix End -------------------------
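The traffic during this attack, as seen in MRTG, looks like this.

You can see that the attack continues from before 10:00 until after 12:00.
During this time traffic is eaten up, and the logs needlessly consume disk space. CPU gets eaten as well, of course. When it is busy, this comes from multiple IPs at once, which is unbearable. In a bad case the attack can go on for more than half a day. Incidentally, the SSHD section of the logwatch log looks like the one below. The little bot works very hard at its attack.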
--------------------- SSHD Begin ------------------------
Illegal users from:
118.98.221.205: 3003 times
root: 43 times
gy: 24 times
hk: 24 times
hm: 24 times
hn: 24 times
hr: 24 times
ht: 24 times
hu: 24 times
id: 24 times
ie: 24 times
il: 24 times
in: 24 times
io: 24 times
iq: 24 times
ir: 24 times
is: 24 times
it: 24 times
jm: 24 times
jo: 24 times
jp: 24 times
lk: 24 times
lt: 24 times
lu: 24 times
li: 22 times
lv: 21 times
gw: 19 times
ke: 19 times
lr: 18 times
john: 17 times
mysql: 17 times
ls: 14 times
cs: 13 times
webmaster: 13 times
adam: 12 times
be: 12 times
bf: 12 times
bg: 12 times
bh: 12 times
bi: 12 times
bj: 12 times
bm: 12 times
bn: 12 times
bo: 12 times
br: 12 times
brad: 12 times
bs: 12 times
bt: 12 times
bv: 12 times
bw: 12 times
by: 12 times
bz: 12 times
ca: 12 times
cache: 12 times
cc: 12 times
cf: 12 times
cg: 12 times
ch: 12 times
chris: 12 times
ci: 12 times
ck: 12 times
cl: 12 times
cm: 12 times
cn: 12 times
co: 12 times
cr: 12 times
cu: 12 times
cv: 12 times
cx: 12 times
cy: 12 times
cz: 12 times
de: 12 times
dj: 12 times
dk: 12 times
dm: 12 times
do: 12 times
dz: 12 times
ec: 12 times
ee: 12 times
eg: 12 times
eh: 12 times
er: 12 times
es: 12 times
et: 12 times
eu: 12 times
fi: 12 times
fj: 12 times
fk: 12 times
fm: 12 times
fo: 12 times
fr: 12 times
fx: 12 times
ga: 12 times
gb: 12 times
gd: 12 times
ge: 12 times
gf: 12 times
gh: 12 times
gi: 12 times
gl: 12 times
gm: 12 times
gn: 12 times
gp: 12 times
gq: 12 times
gr: 12 times
gs: 12 times
gt: 12 times
gu: 12 times
headers: 12 times
jobs: 12 times
joe: 12 times
ken: 12 times
kevin: 12 times
kg: 12 times
kh: 12 times
ki: 12 times
km: 12 times
kn: 12 times
kp: 12 times
kr: 12 times
kw: 12 times
ky: 12 times
kz: 12 times
la: 12 times
larry: 12 times
laura: 12 times
lb: 12 times
lc: 12 times
linkexchange: 12 times
links: 12 times
lisa: 12 times
list: 12 times
ly: 12 times
ma: 12 times
mc: 12 times
md: 12 times
mg: 12 times
mh: 12 times
mk: 12 times
ml: 12 times
mm: 12 times
mn: 12 times
ni: 12 times
nl: 12 times
no: 12 times
np: 12 times
nr: 12 times
nt: 12 times
nu: 12 times
nz: 12 times
om: 12 times
pa: 12 times
pe: 12 times
pf: 12 times
pg: 12 times
ph: 12 times
pk: 12 times
pl: 12 times
pm: 12 times
pn: 12 times
postgresql: 12 times
pr: 12 times
pt: 12 times
pw: 12 times
py: 12 times
sendmail: 12 times
siteinfo: 12 times
subdomain: 12 times
telnet: 12 times
webalizer: 12 times
apache: 11 times
chuck: 11 times
edea: 11 times
html: 11 times
lee: 11 times
letters: 11 times
linda: 11 times
link: 11 times
ng: 11 times
seifer: 11 times
webster: 11 times
kelly: 10 times
qa: 10 times
user: 10 times
bd: 9 times
ftpuser: 9 times
johnny: 9 times
test: 9 times
licensing: 8 times
abc: 7 times
art: 7 times
informix: 7 times
listproc: 7 times
marketing: 7 times
updates: 7 times
cisco: 6 times
design: 6 times
info: 6 times
install: 6 times
jennifer: 6 times
oracle: 6 times
smbuser: 6 times
test1: 6 times
test2: 6 times
test3: 6 times
test4: 6 times
test5: 6 times
tomcat: 6 times
vpn: 6 times
admin: 5 times
amanda: 5 times
andrew: 5 times
anthony: 5 times
bill: 5 times
charles: 5 times
cindy: 5 times
customer: 5 times
cyrus: 5 times
david: 5 times
emma: 5 times
enquiries: 5 times
forum: 5 times
helpdesk: 5 times
logs: 5 times
mark: 5 times
michael: 5 times
netdump: 5 times
office: 5 times
postgres: 5 times
postmaster: 5 times
ppp: 5 times
pwrchute: 5 times
sales: 5 times
stats: 5 times
testing: 5 times
tmp: 5 times
uucp: 5 times
vpopmail: 5 times
administrator: 4 times
alex: 4 times
amavis: 4 times
backup: 4 times
cvs: 4 times
dennis: 4 times
engineer: 4 times
enquiry: 4 times
guest: 4 times
ipinfo: 4 times
irc: 4 times
jason: 4 times
majordom: 4 times
majordomo: 4 times
manager: 4 times
mo: 4 times
operator: 4 times
pgsql: 4 times
postfix: 4 times
pvm: 4 times
rpm: 4 times
sasha: 4 times
support: 4 times
temp: 4 times
mod_perl: 3 times
ntran: 2 times
rich: 2 times
rob: 2 times
vhbackup: 2 times
web: 2 times
12345: 1 time
123abc: 1 time
1q2w3e: 1 time
a: 1 time
aly: 1 time
anne: 1 time
billing: 1 time
booking: 1 time
confession: 1 time
dasusr1: 1 time
dave: 1 time
drew: 1 time
edu: 1 time
esther: 1 time
firewall: 1 time
flip: 1 time
fuser: 1 time
gary: 1 time
gerry: 1 time
hayley: 1 time
hector: 1 time
httpd: 1 time
inter: 1 time
karim: 1 time
kiki: 1 time
letmein: 1 time
luciana: 1 time
mailer: 1 time
mario: 1 time
marty: 1 time
menu: 1 time
model: 1 time
new: 1 time
nobody: 1 time
nobody4: 1 time
norton: 1 time
oleg: 1 time
orange: 1 time
password: 1 time
penny: 1 time
racvnc: 1 time
share: 1 time
shipping: 1 time
squid: 1 time
sys: 1 time
sysadm: 1 time
tommy: 1 time
trinity: 1 time
username: 1 time
vivian: 1 time
welcome: 1 time
www-data: 1 time
---------------------- SSHD End -------------------------
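As an added example (not part of the original page), the following parses the "Authentication Failures" block of the pam_unix section shown above and totals failed logins per source address. The sample report is constructed in the same layout; the second address (198.51.100.7) and the threshold of 100 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the logwatch report above
# (198.51.100.7 is a documentation address added to show a second source).
SAMPLE = """\
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (118.98.221.205): 2911 Time(s)
root (118.98.221.205): 43 Time(s)
mysql (118.98.221.205): 17 Time(s)
root (198.51.100.7): 2 Time(s)
Invalid Users:
Unknown Account: 2911 Time(s)
---------------------- pam_unix End -------------------------
"""

FAIL_RE = re.compile(r"^\s*(\S+) \(([^)]+)\): (\d+) Time\(s\)\s*$")

def summarize(report):
    """Return {source: {"failures": int, "accounts": set}} for the pam_unix section."""
    stats = defaultdict(lambda: {"failures": 0, "accounts": set()})
    in_pam = in_failures = False
    for line in report.splitlines():
        if "pam_unix Begin" in line:
            in_pam = True
        elif "pam_unix End" in line:
            in_pam = in_failures = False
        elif in_pam and line.strip() == "Authentication Failures:":
            in_failures = True
        elif in_failures:
            m = FAIL_RE.match(line)
            if m is None:
                in_failures = False  # next sub-heading, e.g. "Invalid Users:"
                continue
            account, source, count = m.group(1), m.group(2), int(m.group(3))
            stats[source]["failures"] += count
            stats[source]["accounts"].add(account)
    return dict(stats)

def noisy_sources(report, threshold=100):
    """Sources at or above the (assumed) failure threshold, worst first."""
    totals = {ip: s["failures"] for ip, s in summarize(report).items()}
    return sorted(((ip, n) for ip, n in totals.items() if n >= threshold), key=lambda t: -t[1])

if __name__ == "__main__":
    for ip, n in noisy_sources(SAMPLE):
        print(f"{ip}: {n} failed logins")
```

Run over the full pam_unix section above, the per-account counts for 118.98.221.205 sum to 3003, the same figure the SSHD section reports for that address.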