sshdに対して辞書を当てる

[セキュリティ] sshdに対して辞書を当てる
03/31/2005 18:49 (投稿者：たかの)

以前の記事で「ドメインに対して辞書を当てる」ってのを取り上げたけど、今度はsshdらしい。
パスワード未設定のアカウントでも探してるのかね。
ログはこんな感じ。

Mar 31 18:32:37 mini-venus sshd[23355]: Failed password for illegal user anonymous from 210.109.96.8 port 54992 ssh2
Mar 31 18:32:37 mini-venus sshd[23355]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:38 mini-venus sshd[23356]: Failed password for illegal user bruce from 210.109.96.8 port 55066 ssh2
Mar 31 18:32:38 mini-venus sshd[23356]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:39 mini-venus sshd[23357]: Failed password for illegal user chuck from 210.109.96.8 port 55161 ssh2
Mar 31 18:32:39 mini-venus sshd[23357]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:41 mini-venus sshd[23362]: Failed password for illegal user darkman from 210.109.96.8 port 55257 ssh2
Mar 31 18:32:41 mini-venus sshd[23362]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:43 mini-venus sshd[23367]: Failed password for illegal user hostmaster from 210.109.96.8 port 55422 ssh2
Mar 31 18:32:44 mini-venus sshd[23367]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:48 mini-venus sshd[23368]: Failed password for illegal user jeffrey from 210.109.96.8 port 55664 ssh2
Mar 31 18:32:49 mini-venus sshd[23368]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:50 mini-venus sshd[23369]: Failed password for illegal user loverd from 210.109.96.8 port 55921 ssh2
Mar 31 18:32:50 mini-venus sshd[23369]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:52 mini-venus sshd[23370]: Failed password for illegal user eric from 210.109.96.8 port 56072 ssh2
Mar 31 18:32:52 mini-venus sshd[23370]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:56 mini-venus sshd[23371]: Failed password for illegal user lauren from 210.109.96.8 port 56222 ssh2
Mar 31 18:32:57 mini-venus sshd[23371]: Received disconnect from 210.109.96.8: 11: Bye Bye
Mar 31 18:32:59 mini-venus sshd[23372]: Failed password for illegal user mark from 210.109.96.8 port 56520 ssh2
Mar 31 18:32:59 mini-venus sshd[23372]: Received disconnect from 210.109.96.8: 11: Bye Bye
--------

しかし最近の手口は、とにかく派手だよね。
すぐにログが膨れてバレバレというか何というか。

昔のハッカーは、もーちっとスマートというか、すぐには気づかれないような挙動をしていたと思うんだが。
それくらいナメてかかられているってことなんでしょうね。

メールでコメント