=?iso-8859-1?q?Ai=20je=20=E9t=E9=20attaqu=E9?=

charlonet Thu, 23 Dec 2004 13:00:32 -0600

Slt,

J'ai deux de mes serveurs qui m'affichent le message
ci-dessous.


Dec 22 06:18:51 pop sshd(pam_unix)[2755]: session
closed for user root
Dec 22 08:23:04 pop sshd(pam_unix)[3219]: session
opened for user root
by (uid=0)
Dec 22 08:24:05 pop kernel: cl uses obsolete
(PF_INET,SOCK_PACKET)
Dec 22 08:24:05 pop kernel: device eth0 entered
promiscuous mode
Dec 22 08:24:05 pop modprobe: modprobe: Can't locate
module ppp0
Dec 22 08:24:11 pop modprobe: modprobe: Can't locate
module ppp0
Dec 22 08:25:06 pop dÃ©c 22 08:25:06 portmap: ArrÃªt
de portmap
succeeded
Dec 22 08:25:07 pop kernel: Kernel logging (proc)
stopped.
Dec 22 08:25:07 pop kernel: Kernel log daemon
terminating.
Dec 22 08:25:08 pop dÃ©c 22 08:25:08 syslog: ArrÃªt de
klogd succeeded
Dec 22 08:25:08 pop exiting on signal 15

J'ai redemarrer un de ces serveurs et il se bloque au
nivo du système
de fichier /proc.

En consultant les log de la 2ième machine que je men
rends compte que
quelqu'un essai de se connecter en ssh depuis
l'adresse IP 212.78.79.20.
Je joins me fichier secure.log

Dec 22 02:07:22 pop sshd[2272]: Did not receive
identification string
from 212.93.154.239
Dec 22 02:14:32 pop sshd[2277]: Illegal user test from
212.93.154.239
Dec 22 02:14:36 pop sshd[2279]: Illegal user guest
from 212.93.154.239
Dec 22 02:14:39 pop sshd[2281]: Illegal user admin
from 212.93.154.239
Dec 22 02:14:43 pop sshd[2283]: Illegal user admin
from 212.93.154.239
Dec 22 02:14:45 pop sshd[2285]: Illegal user user from
212.93.154.239
Dec 22 02:14:54 pop sshd[2287]: Failed password for
root from
212.93.154.239 port 2152 ssh2
Dec 22 02:15:01 pop sshd[2289]: Failed password for
root from
212.93.154.239 port 2277 ssh2
Dec 22 02:15:06 pop sshd[2295]: Failed password for
root from
212.93.154.239 port 2389 ssh2
Dec 22 02:15:08 pop sshd[2297]: Illegal user test from
212.93.154.239
Dec 22 04:00:09 pop sshd[2391]: Did not receive
identification string
from 212.78.79.20
Dec 22 04:07:16 pop sshd[2743]: Failed password for
nobody from
212.78.79.20 port 51318 ssh2
Dec 22 04:07:18 pop sshd[2745]: Illegal user patrick
from 212.78.79.20
Dec 22 04:07:20 pop sshd[2747]: Illegal user patrick
from 212.78.79.20
Dec 22 04:07:24 pop sshd[2749]: Failed password for
root from
212.78.79.20 port 53405 ssh2
Dec 22 04:07:29 pop sshd[2751]: Failed password for
root from
212.78.79.20 port 54127 ssh2
Dec 22 04:07:33 pop sshd[2753]: Failed password for
root from
212.78.79.20 port 54833 ssh2
Dec 22 04:07:35 pop sshd[2755]: Accepted password for
root from
212.78.79.20 port 55505 ssh2
Dec 22 04:07:45 pop sshd[2797]: Failed password for
root from
212.78.79.20 port 56774 ssh2
Dec 22 04:07:47 pop sshd[2799]: Illegal user rolo from
212.78.79.20
Dec 22 04:07:49 pop sshd[2801]: Illegal user iceuser
from 212.78.79.20
Dec 22 04:07:51 pop sshd[2803]: Illegal user horde
from 212.78.79.20
Dec 22 04:07:53 pop sshd[2805]: Illegal user cyrus
from 212.78.79.20
Dec 22 04:07:55 pop sshd[2807]: Illegal user www from
212.78.79.20
Dec 22 04:07:57 pop sshd[2809]: Illegal user wwwrun
from 212.78.79.20
Dec 22 04:07:59 pop sshd[2811]: Illegal user matt from
212.78.79.20
Dec 22 04:08:01 pop sshd[2813]: Illegal user test from
212.78.79.20
Dec 22 04:08:03 pop sshd[2815]: Illegal user test from
212.78.79.20
Dec 22 04:08:05 pop sshd[2817]: Illegal user test from
212.78.79.20
Dec 22 04:08:07 pop sshd[2819]: Illegal user test from
212.78.79.20
Dec 22 04:08:08 pop sshd[2821]: Illegal user www-data
from 212.78.79.20
Dec 22 04:08:13 pop sshd[2823]: Failed password for
mysql from
212.78.79.20 port 60777 ssh2
Dec 22 04:08:17 pop sshd[2825]: Failed password for
operator from
212.78.79.20 port 33131 ssh2
Dec 22 04:08:21 pop sshd[2827]: Failed password for
adm from
212.78.79.20 port 33708 ssh2
Dec 22 04:08:25 pop sshd[2829]: Failed password for
apache from
212.78.79.20 port 34274 ssh2
Dec 22 04:08:27 pop sshd[2831]: Illegal user irc from
212.78.79.20
Dec 22 04:08:29 pop sshd[2833]: Illegal user irc from
212.78.79.20
Dec 22 04:08:34 pop sshd[2835]: Failed password for
adm from
212.78.79.20 port 35388 ssh2
Dec 22 04:08:38 pop sshd[2837]: Failed password for
root from
212.78.79.20 port 35951 ssh2
Dec 22 04:08:42 pop sshd[2839]: Failed password for
root from
212.78.79.20 port 36501 ssh2
Dec 22 04:08:46 pop sshd[2841]: Failed password for
root from
212.78.79.20 port 37057 ssh2
Dec 22 04:08:48 pop sshd[2843]: Illegal user jane from
212.78.79.20
Dec 22 04:08:50 pop sshd[2845]: Illegal user pamela
from 212.78.79.20
Dec 22 04:08:54 pop sshd[2847]: Failed password for
root from
212.78.79.20 port 38140 ssh2
Dec 22 04:08:59 pop sshd[2849]: Failed password for
root from
212.78.79.20 port 38733 ssh2
Dec 22 04:09:03 pop sshd[2851]: Failed password for
root from
212.78.79.20 port 39307 ssh2
Dec 22 04:09:07 pop sshd[2853]: Failed password for
root from
212.78.79.20 port 39886 ssh2
Dec 22 04:09:11 pop sshd[2855]: Failed password for
root from
212.78.79.20 port 40483 ssh2
Dec 22 04:09:13 pop sshd[2857]: Illegal user cosmin
from 212.78.79.20
Dec 22 04:09:18 pop sshd[2859]: Failed password for
root from
212.78.79.20 port 41347 ssh2
Dec 22 04:09:22 pop sshd[2861]: Failed password for
root from
212.78.79.20 port 41924 ssh2
Dec 22 04:09:26 pop sshd[2863]: Failed password for
root from
212.78.79.20 port 42460 ssh2
Dec 22 04:09:30 pop sshd[2865]: Failed password for
root from
212.78.79.20 port 43039 ssh2
Dec 22 04:09:40 pop sshd[2867]: Failed password for
root from
212.78.79.20 port 43593 ssh2
Dec 22 04:09:44 pop sshd[2869]: Failed password for
root from
212.78.79.20 port 44802 ssh2
Dec 22 04:09:48 pop sshd[2871]: Failed password for
root from
212.78.79.20 port 45385 ssh2
Dec 22 04:09:53 pop sshd[2873]: Failed password for
root from
212.78.79.20 port 45929 ssh2
Dec 22 04:09:57 pop sshd[2875]: Failed password for
root from
212.78.79.20 port 46493 ssh2
Dec 22 04:10:01 pop sshd[2877]: Failed password for
root from
212.78.79.20 port 47028 ssh2
Dec 22 04:10:05 pop sshd[2883]: Failed password for
root from
212.78.79.20 port 47559 ssh2
Dec 22 04:10:10 pop sshd[2885]: Failed password for
root from
212.78.79.20 port 48090 ssh2
Dec 22 04:10:14 pop sshd[2887]: Failed password for
root from
212.78.79.20 port 48619 ssh2
Dec 22 04:10:18 pop sshd[2889]: Failed password for
root from
212.78.79.20 port 49159 ssh2
Dec 22 04:10:22 pop sshd[2891]: Failed password for
root from
212.78.79.20 port 49711 ssh2
Dec 22 04:10:27 pop sshd[2893]: Failed password for
root from
212.78.79.20 port 50252 ssh2
Dec 22 04:10:31 pop sshd[2895]: Failed password for
root from
212.78.79.20 port 50820 ssh2
Dec 22 04:10:35 pop sshd[2897]: Failed password for
root from
212.78.79.20 port 51413 ssh2
Dec 22 04:10:39 pop sshd[2899]: Failed password for
root from
212.78.79.20 port 52011 ssh2
Dec 22 04:10:44 pop sshd[2901]: Failed password for
root from
212.78.79.20 port 52602 ssh2
Dec 22 04:10:48 pop sshd[2903]: Failed password for
root from
212.78.79.20 port 53198 ssh2
Dec 22 04:10:52 pop sshd[2905]: Failed password for
root from
212.78.79.20 port 53806 ssh2
Dec 22 04:10:56 pop sshd[2907]: Failed password for
root from
212.78.79.20 port 54389 ssh2
Dec 22 04:11:01 pop sshd[2909]: Failed password for
root from
212.78.79.20 port 55004 ssh2
Dec 22 04:11:05 pop sshd[2911]: Failed password for
root from
212.78.79.20 port 55611 ssh2
Dec 22 04:11:09 pop sshd[2913]: Failed password for
root from
212.78.79.20 port 56210 ssh2
Dec 22 04:11:13 pop sshd[2915]: Failed password for
root from
212.78.79.20 port 56772 ssh2
Dec 22 04:11:18 pop sshd[2917]: Failed password for
root from
212.78.79.20 port 57314 ssh2
Dec 22 04:11:22 pop sshd[2919]: Failed password for
root from
212.78.79.20 port 57859 ssh2
Dec 22 04:11:26 pop sshd[2921]: Failed password for
root from
212.78.79.20 port 58402 ssh2
Dec 22 04:11:31 pop sshd[2923]: Failed password for
root from
212.78.79.20 port 58927 ssh2
Dec 22 04:11:35 pop sshd[2925]: Failed password for
root from
212.78.79.20 port 59483 ssh2
Dec 22 04:11:39 pop sshd[2927]: Failed password for
root from
212.78.79.20 port 60023 ssh2
Dec 22 04:11:43 pop sshd[2929]: Failed password for
root from
212.78.79.20 port 60533 ssh2
Dec 22 04:11:48 pop sshd[2931]: Failed password for
root from
212.78.79.20 port 32803 ssh2
Dec 22 04:11:52 pop sshd[2933]: Failed password for
root from
212.78.79.20 port 33338 ssh2
Dec 22 04:11:54 pop sshd[2935]: Illegal user cip52
from 212.78.79.20
Dec 22 04:11:56 pop sshd[2937]: Illegal user cip51
from 212.78.79.20
Dec 22 04:12:00 pop sshd[2939]: Failed password for
root from
212.78.79.20 port 34329 ssh2
Dec 22 04:12:02 pop sshd[2941]: Illegal user noc from
212.78.79.20
Dec 22 04:12:06 pop sshd[2943]: Failed password for
root from
212.78.79.20 port 35122 ssh2
Dec 22 04:12:10 pop sshd[2945]: Failed password for
root from
212.78.79.20 port 35676 ssh2
Dec 22 04:12:15 pop sshd[2947]: Failed password for
root from
212.78.79.20 port 36228 ssh2
Dec 22 04:12:19 pop sshd[2949]: Failed password for
root from
212.78.79.20 port 36803 ssh2
Dec 22 04:12:21 pop sshd[2951]: Illegal user webmaster
from
212.78.79.20
Dec 22 04:12:23 pop sshd[2953]: Illegal user data from
212.78.79.20
Dec 22 04:12:25 pop sshd[2955]: Illegal user user from
212.78.79.20
Dec 22 04:12:27 pop sshd[2957]: Illegal user user from
212.78.79.20
Dec 22 04:12:28 pop sshd[2959]: Illegal user user from
212.78.79.20
Dec 22 04:12:30 pop sshd[2961]: Illegal user web from
212.78.79.20
Dec 22 04:12:32 pop sshd[2963]: Illegal user web from
212.78.79.20
Dec 22 04:12:34 pop sshd[2965]: Illegal user oracle
from 212.78.79.20
Dec 22 04:12:36 pop sshd[2967]: Illegal user sybase
from 212.78.79.20
Dec 22 04:12:38 pop sshd[2969]: Illegal user master
from 212.78.79.20
Dec 22 04:12:40 pop sshd[2971]: Illegal user account
from 212.78.79.20
Dec 22 04:12:42 pop sshd[2973]: Illegal user backup
from 212.78.79.20
Dec 22 04:12:44 pop sshd[2975]: Illegal user server
from 212.78.79.20
Dec 22 04:12:46 pop sshd[2977]: Illegal user adam from
212.78.79.20
Dec 22 04:12:48 pop sshd[2979]: Illegal user alan from
212.78.79.20
Dec 22 04:12:49 pop sshd[2981]: Illegal user frank
from 212.78.79.20
Dec 22 04:12:51 pop sshd[2983]: Illegal user george
from 212.78.79.20
Dec 22 04:12:53 pop sshd[2985]: Illegal user henry
from 212.78.79.20
Dec 22 04:12:55 pop sshd[2987]: Illegal user john from
212.78.79.20
Dec 22 04:12:59 pop sshd[2989]: Failed password for
root from
212.78.79.20 port 41767 ssh2
Dec 22 04:13:04 pop sshd[2991]: Failed password for
root from
212.78.79.20 port 42212 ssh2
Dec 22 04:13:08 pop sshd[2993]: Failed password for
root from
212.78.79.20 port 42646 ssh2
Dec 22 04:13:12 pop sshd[2995]: Failed password for
root from
212.78.79.20 port 43095 ssh2
Dec 22 04:13:16 pop sshd[2997]: Failed password for
root from
212.78.79.20 port 43527 ssh2
Dec 22 04:13:18 pop sshd[2999]: Illegal user test from
212.78.79.20
Dec 22 08:23:03 pop sshd[3219]: Accepted password for
root from
212.78.79.20 port 40528 ssh2


Est ce que j'ai attaqué ?

=====
----------------------------------------------------------------------
KOUAME KOUAKOU Charles Jonas

GSM : +225 08 00 74 80
GSM : +225 05 96 06 54 
skype : charlonet


Adresse Postale : 06 BP 1217 Abidjan 06
                      Côte d'Ivoire

Vous avez réçu gratuitement donnez gratuitement (Mt 10,8)

Le Pingouin Noir


        

        
                
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/

=?iso-8859-1?q?Ai=20je=20=E9t=E9=20attaqu=E9?=

Répondre à