SSH Brute Force Today
Published: 2011/01/31
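I have been observing SSH brute-force attacks in large volume since around 2006, and they are still severe today.
Connect a server to the Internet and within a few hours it becomes a brute-force target.
At the very least, you should change the ssh port number from 22.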
And, although these are the most basic of basics, you should also:
- prohibit root login over ssh
- prohibit simple passwords
The same applies if you use a hosting service.
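One way to check a server against the two sshd-side recommendations above (port and root login), as an added example that is not from the original post. The function names and sample configurations are constructed for illustration; password strength is not set in sshd_config, so it is not checked here.

```python
# Added example: audit sshd_config text for "Port 22" and root login.
# Only the global section (before the first Match block) is inspected.

WEAK = "Port 22\nPermitRootLogin yes\n"                       # constructed sample
HARDENED = "# constructed sample\nPort 2222\nPermitRootLogin no\n"

def parse_global(config_text):
    """Return {keyword: [first argument of each occurrence]}."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = line.replace("=", " ", 1).split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            break  # conditional overrides are out of scope for this check
        settings.setdefault(keyword, []).append(args[0] if args else "")
    return settings

def audit(config_text):
    """Return a list of findings; an empty list means both checks pass."""
    s = parse_global(config_text)
    findings = []
    # Port may be given several times; sshd listens on 22 when it is absent.
    if "22" in s.get("port", ["22"]):
        findings.append("sshd listens on port 22")
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set; the default depends on the OpenSSH version")
    elif root[0].lower() != "no":  # for this keyword the first occurrence wins
        findings.append("root login over ssh is allowed (PermitRootLogin %s)" % root[0])
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```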
Attack sources over the past month.
IP address | name | AS | AS Name | Country | Frequency |
---|---|---|---|---|---|
64.244.22.250 | NONE | 2828 | XO-AS15 | US | 389 |
61.221.104.1 | 61-221-104-1.HINET-IP.hinet.net. | 3462 | HiNet | TW | 7 |
121.12.116.136 | NONE | 4134 | CHINA-TELECOM | CN | 13 |
202.96.188.125 | ppp125.zhongshan.gd.cn. | 4134 | CHINA-TELECOM | CN | 11 |
222.222.194.187 | NONE | 4134 | CHINA-TELECOM | CN | 12 |
58.215.78.163 | NONE | 4134 | CHINA-TELECOM | CN | 1 |
61.136.150.140 | NONE | 4134 | CHINA-TELECOM | CN | 2 |
61.145.118.190 | NONE | 4134 | CHINA-TELECOM | CN | 17 |
202.119.208.220 | NONE | 4538 | ERX-CERNET-BKB-CHINA | CN | 1 |
119.196.21.224 | NONE | 4766 | KIXS-AS-KR-KR | KR | 2 |
125.130.146.9 | NONE | 4766 | KIXS-AS-KR-KR | KR | 13 |
210.66.168.73 | NONE | 4780 | SEEDNET | TW | 4 |
58.128.187.66 | NONE | 4808 | CHINA169-BJ | CN | 22 |
124.74.214.214 | NONE | 4812 | CHINANET-SH-AP | CN | 18 |
112.81.47.28 | NONE | 4837 | CHINA169-BACKBONE | CN | 10 |
119.188.7.192 | NONE | 4837 | CHINA169-BACKBONE | CN | 30 |
60.2.236.226 | NONE | 4837 | CHINA169-BACKBONE | CN | 193 |
60.220.224.103 | 103.224.220.60.adsl-pool.sx.cn. | 4837 | CHINA169-BACKBONE | CN | 46 |
86.101.140.2 | catv-86-101-140-2.catv.broadband.hu. | 6830 | UPC | HU | 326 |
195.2.92.166 | vm204.vm.host.ru. | 6903 | ZENON-AS | RU | 53 |
123.30.49.8 | static.vdc.vn. | 7643 | VNN-AS-AP | VN | 23 |
89.179.135.12 | NONE | 8402 | CORBINA-AS | RU | 548 |
118.142.11.52 | NONE | 9304 | HUTCHISON-AS-AP | HK | 8 |
116.127.120.5 | NONE | 9318 | HANARO-AS-KR | KR | 22 |
175.119.156.164 | NONE | 9318 | HANARO-AS-KR | KR | 14 |
61.7.235.206 | NONE | 9931 | CAT-AP | TH | 1 |
121.88.249.122 | NONE | 10036 | CNM-AS-KR-KR | KR | 68 |
202.61.184.2 | 202.61.184.2.static.rev.dft.com.au. | 10113 | DATAFAST-AP | AU | 30 |
94.137.179.67 | NONE | 12497 | SANET-GE | GE | 34 |
125.100.175.147 | 125x100x175x147.ap125.ftth.ucom.ne.jp. | 17506 | UCOM | JP | 78 |
210.51.52.132 | NONE | 17621 | CNCGROUP-SH | CN | 1 |
210.21.221.154 | NONE | 17623 | CNCGROUP-SZ | CN | 44 |
115.248.31.76 | NONE | 18101 | RIL-IDC | IN | 7 |
178.18.18.54 | NONE | 18779 | EGIHOSTING | US | 2 |
64.120.144.85 | fleckered.info. | 21788 | BurstNet | US | 76 |
220.181.148.218 | NONE | 23724 | CHINANET-IDC-BJ-AP | CN | 17 |
72.167.141.17 | ip-72-167-141-17.ip.secureserver.net. | 26496 | PAH-INC | US | 32 |
109.169.21.19 | NONE | 29131 | RAPIDSWITCH-AS | GB | 61 |
109.169.59.120 | NONE | 29761 | OC3NETWORKS | US | 1 |
109.169.64.19 | NONE | 29761 | OC3NETWORKS | GB | 6 |
64.15.156.111 | not-assigned.privatedns.com. | 32613 | IWEB-AS | CA | 16 |
89.238.176.196 | 196.176.238.89.in-addr.vps247.com. | 33970 | OPENHOSTING | GB | 42 |
208.64.224.211 | 211-224-64-208-dedicated.multacom.com. | 35916 | MULTA-ASN1 | US | 52 |
178.18.16.15 | NONE | 36167 | NETRIPLEX01 | US | 70 |
50.22.12.94 | 50.22.12.94-static.reverse.softlayer.com. | 36351 | SOFTLAYER | CA | 14 |
50.23.134.98 | 50.23.134.98-static.reverse.softlayer.com. | 36351 | SOFTLAYER | CA | 389 |
182.140.131.133 | NONE | 38283 | CHINANET-SCIDC-AS-AP | CN | 13 |
85.198.188.145 | heap5.navy.dp.ua. | 42471 | FALSTAP-AS | UA | 38 |
120.138.96.21 | 21-96-138-120.mysipl.com. | 45194 | SIPL-AS | IN | 8 |
211.252.223.202 | NONE | 45400 | NICNET | KR | 12 |
180.210.207.167 | ns167.limebox.com.sg. | 45634 | SPARKSTATION-SG-AP | SG | 30 |
113.160.43.246 | static.vnpt-hanoi.com.vn. | 45899 | VNPT-AS-VN | VN | 31 |
Share of attacking hosts by country
Attack frequency by country
Dictionary of targeted user IDs.
____ a aaliyah aaron abby abc abigail ace adela admin adrian adv Agalloch akkopu alan alessandro alex alexa alexandra alexandru alexis alias alliance allison alyssa amanda amar ana anca anda andrea andreas andrew andrey anna annuaire anonymous ant anthony anti antica applmgr applprod appuser arianna armen aron ashley asia audrey ava avenues avery awstats backup backuppc bailey beleaua benjamin bernd blog blue bob brett brian brianna brooke bruno bula bureau caleb callhome carlos caroline cburgos cgarrido chandimal chenbing chencong chloe chuck cindy cisco claire cmd cncp coco comi command console contabil contempo core cosinus courier craig crisan cristi cristina cs cvsuser1 cvsuser cyrus dan dana dank danny darek darkman dasusr1 data dave david db2fenc1 db2inst1 delta denis deploy der desk desktop destiny diane dingcx director dixon dmitry dnp doina doodz doomi dorina dot download dragon dream duane economist eddie elite elizabeth ella emily emma emuleon enrique eric erin ernest ernie esther exim fabrice faith farrell felix festival files filter firebird firewall first fish fix flexshare florin fluffy folkert foobar fotograf fred free frei ftpsecure ftptest ftpuser gabriella gabrielle gary gast gdm generalmanager genoveva gnax gold grace greg gruiz gt05 guest guma hacluster hailey haitac hallo hannah hans help hermes hostmaster http httpd huruya igor im image ina info informix input ionita ionut ionutz Ionutz iraf ircd iresha isabel isabella isabelle its jasmin jasmine java javi jb je jean jeffrey jeni jenna jessica jessie john joomla jordan juan jubar julia jurca kaitlyn kate katherine katie kayla kaylee kenny kent kevin kim komatsu kor kumichan kylie lab lady lahiru laptop laura lauren lead leah library lily linda linux liu loverd lucia mackenzie madeline madhuri madison makayla malika mama mana manchester maria mark marketing marta martin master matt matteo max maya mckey medie megan Melk mia michael michaels michal michel michelle mike miriam moderna moised 
molly mom monica morgan moshutzu music mysql mythtv n3os nagios natalie neetha netdump network nfsnobody nick nickelan nicole nokia notes notorius ntp nuevos numis office oliver olivia oprea oracle paige palex passwd paul paula pc pegasus photo php pieter PlcmSpIp plcmspip pol portal postgres postgrey preist print production project prueba public pufy quake quegen r00t radmin radu rafael raja rasika raul rebecca reboot reception remote restart rfuentes richer riley rob rodney romeo roo root rpcuser rrojas ryan saito sakura sales samantha samuel sanderson sarah sarolta sauv savannah save scanner scott sebestyen senaka seongjin server setup seven sharon shell shelton shipping shop short sid sin sirsi skid skylar sony sophia sophie spam spamd spamfiltrer spik sponsor squid squirrelmail ss staff stats status stella stephanie steve stud student styx sun suporte support susan svn swsoft sydney system-mysql tachel taylor TeamSpeak teamspeam temp temporal test10 test11 test12 test123 test1 test2 test3 test4 test5 test6 test7 test test8 test9 tester testguy thlow tim tomcat tomcat5 tone tordai torrent toto town tracker transfer trash trinity ts tuningar turbo ubuntu unix update upload user01 user02 user1 user user2 user3 username usuario utente util1 vadmin valas vicky victoria video vincent visitor vivek vmail vmware vnc vwalker water web webadmin webalizer weblogic webmaster webrun webster wei wenan whitecanyon wiber wilkins william williamson wolfgang word worker wrestling www www-data x xbox xx xxx yarul yclee zabbix zako zemba zhangwanzhou zimbra zoe
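A per-source frequency table and a list of attempted user names like the ones above can be derived from sshd's failed-login log lines. The following is an added example, not the author's tooling; the log lines are constructed samples in OpenSSH syslog format using documentation addresses, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample log (not real observations).
SAMPLE_LOG = """\
Jan 30 03:12:01 host sshd[2101]: Failed password for invalid user oracle from 203.0.113.5 port 40122 ssh2
Jan 30 03:12:04 host sshd[2103]: Failed password for invalid user nagios from 203.0.113.5 port 40188 ssh2
Jan 30 03:12:07 host sshd[2105]: Failed password for root from 203.0.113.5 port 40251 ssh2
Jan 30 04:40:10 host sshd[2290]: Failed password for invalid user test from 198.51.100.7 port 51877 ssh2
Jan 30 04:40:12 host sshd[2292]: Failed password for invalid user web admin from 198.51.100.7 port 51901 ssh2
Jan 30 09:00:00 host sshd[2400]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
"""

# The user field is chosen by the client and may contain spaces, so it is
# matched greedily and the source address is anchored at the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def tally(log_text):
    """Return (failures per source IP, failures per attempted user name)."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.strip())
        if m:
            user, ip = m.groups()
            by_user[user] += 1
            by_ip[ip] += 1
    return by_ip, by_user

def report(log_text):
    """Return (table text sorted by frequency, sorted list of user names)."""
    by_ip, by_user = tally(log_text)
    rows = ["IP address | Frequency |", "---|---|"]
    rows += ["%s | %d |" % (ip, n) for ip, n in by_ip.most_common()]
    return "\n".join(rows), sorted(by_user)

if __name__ == "__main__":
    table, users = report(SAMPLE_LOG)
    print(table)
    print(users)
```

Only "Failed password" lines are counted, so a successful login such as the last sample line does not appear in either tally.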
Related: SSH brute force attacks continue
by jyake