
The State of SSH Brute-Force Attacks Today

Published: 2011/01/31

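I have been observing SSH brute-force attacks in large numbers since around 2006, and they are still severe today.

Connect a server to the Internet and within a few hours it will be targeted by brute-force attempts.

At the very least, you should change the SSH port number from 22.

And then, although these are the most basic of basics, you should also:

  • Prohibit root login over SSH
  • Prohibit simple passwords

The same applies if you are using a hosting service.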
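The three recommendations above can be checked against an `sshd_config` file. The following is an added example, not code from the original post: the sample configurations, port 20022 and the function names are constructed for illustration, and treating `PasswordAuthentication` as the setting that exposes simple passwords to guessing is an assumption that goes one step beyond the post's advice.

```python
import re

# Constructed sample configs (not from the original post).
WEAK_CONFIG = """\
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """\
# 20022 is an arbitrary example port
Port 20022
PermitRootLogin no
PasswordAuthentication no
# A later duplicate is ignored: sshd keeps the first value it reads.
PermitRootLogin yes
"""
# Defaults of current OpenSSH; releases before 7.0 defaulted PermitRootLogin to yes.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}


def effective_settings(text):
    """Return (ports, settings) for the global section of an sshd_config."""
    ports, settings = [], {}
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break                      # conditional blocks follow; global part ends
        if key == "port":
            ports.append(value)        # Port may repeat; sshd listens on every one
        else:
            settings.setdefault(key, value)   # first occurrence wins
    return ports or ["22"], {**DEFAULTS, **settings}


def audit(text):
    """List the settings that contradict the advice in this post."""
    ports, s = effective_settings(text)
    findings = []
    if "22" in ports:
        findings.append("sshd listens on the default port 22")
    if s["permitrootlogin"] != "no":
        findings.append("root login over ssh is allowed: PermitRootLogin " + s["permitrootlogin"])
    if s["passwordauthentication"] != "no":
        findings.append("passwords are accepted, so weak ones can be guessed")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

`Match` blocks and `Include` files are not evaluated here; `sshd -T` prints the configuration that sshd itself computes.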


Attack sources over the past month.


Share of attacking hosts by country


Attack frequency by country


Dictionary of user IDs targeted by the attacks.

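Per-source attack counts and a dictionary of targeted user IDs, the two kinds of data this post reports, can be derived from sshd's own log. The following is an added example, not the author's tooling: it assumes OpenSSH's standard "Failed password" syslog message, and the log lines, addresses (documentation ranges) and function name are constructed.

```python
import re
from collections import Counter

# Constructed sshd log lines; addresses are from the documentation ranges.
SAMPLE_LOG = """\
Jan 30 03:12:01 host sshd[2211]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan 30 03:12:03 host sshd[2213]: Invalid user oracle from 192.0.2.10
Jan 30 03:12:05 host sshd[2213]: Failed password for invalid user oracle from 192.0.2.10 port 40120 ssh2
Jan 30 03:12:09 host sshd[2217]: Failed password for invalid user test from 198.51.100.7 port 51844 ssh2
Jan 30 03:15:40 host sshd[2230]: Accepted publickey for jyake from 203.0.113.5 port 50022 ssh2
Jan 30 03:16:02 host sshd[2240]: Failed password for invalid user admin from 203.0.113.9 from 192.0.2.10 port 40200 ssh2
"""

# The user name is remote-supplied text and may itself contain " from ...", so
# the greedy group and the "$" anchor take the address from the final
# "from <ip> port <n> ssh2" of the line, which is the part sshd writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)


def tally(log_text):
    """Return (failures per source address, sorted list of targeted user IDs)."""
    per_source, users = Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:  # "Invalid user" and "Accepted" lines are skipped on purpose
            per_source[m["ip"]] += 1
            users.add(m["user"])
    return per_source, sorted(users)


if __name__ == "__main__":
    sources, user_ids = tally(SAMPLE_LOG)
    for ip, count in sources.most_common():
        print(ip, count)
    print(user_ids)
```

Only "Failed password" lines are counted, so an attempt that also produced an "Invalid user" line is not counted twice.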

Related: SSH brute force attacks continue

[Category: Botnet observation diary]

by jyake