Re: [FRnOG] [ALERT] Attaque depuis OVH AS 16276

[David Ponzone]

Tu fais un tshark sur un de tes serveurs, tu vas vite être convaincu.

Sur un de mes routeurs, avant que je filtre:

Sep 21 13:11:16.852: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
1 packet
Sep 21 13:16:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
903 packets
Sep 21 13:22:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
7 packets
Sep 21 13:27:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
293 packets
Sep 21 13:32:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
486 packets
Sep 21 13:37:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
480 packets
Sep 21 13:43:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
581 packets
Sep 21 13:48:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
441 packets
Sep 21 13:54:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
559 packets
Sep 21 13:59:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
483 packets
Sep 21 14:04:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
454 packets
Sep 21 14:09:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
477 packets
Sep 21 14:14:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
489 packets
Sep 21 14:19:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
497 packets
Sep 21 14:24:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
477 packets
Sep 21 14:29:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
488 packets
Sep 21 14:34:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
436 packets
Sep 21 14:39:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
437 packets
Sep 21 14:44:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
455 packets
Sep 21 14:49:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
465 packets
Sep 21 14:54:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
491 packets
Sep 21 15:00:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
589 packets
Sep 21 15:06:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
550 packets
Sep 21 15:11:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
454 packets
Sep 21 15:17:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
598 packets
Sep 21 15:22:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
465 packets
Sep 21 15:27:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
504 packets
Sep 21 15:32:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
454 packets
Sep 21 15:38:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
565 packets
Sep 21 15:43:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
452 packets
Sep 21 15:48:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
484 packets
Sep 21 15:53:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
456 packets
Sep 21 15:58:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
447 packets
Sep 21 16:04:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
545 packets
Sep 21 16:09:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
461 packets
Sep 21 16:14:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
446 packets
Sep 21 16:19:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
471 packets
Sep 21 16:24:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
497 packets
Sep 21 16:29:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
445 packets
Sep 21 16:34:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
454 packets
Sep 21 16:39:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
448 packets
Sep 21 16:44:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
460 packets
Sep 21 16:49:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
451 packets
Sep 21 16:54:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
456 packets
Sep 21 17:00:36.937: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
512 packets
Sep 21 17:06:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
586 packets
Sep 21 17:11:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
431 packets
Sep 21 17:16:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
470 packets
Sep 21 17:21:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
455 packets
Sep 21 17:27:36.936: %SEC-6-IPACCESSLOGS: list telnet-acl denied 149.202.52.150 
563 packets

Y a pas vraiment de doute je pense :)

Le 21 sept. 2015 à 17:42, Imad Soltani <solt...@imad.fr> a écrit :

> Bonjour ,
> 
> On 09/21/15 17:06, David CHANIAL wrote:
>> Bonjour,
>> 
>>> Le 21 sept. 2015 à 16:59, Xavier ROCA <x.r...@sdi.fr> a écrit :
>>> On subit une attaque depuis une IP 149.202.52.150
>>> Si un OVH peut regarder AS16276
>> 
>> La FRNoG se trouve désormais sur ab...@ovh.net ou n...@ovh.net ? :)
>> 
> 
> sans compter le fait que le "croire sur parole" comporte quelques risques ... 
> si on se mets a "bannir" sans pouvoir verifier , juste sur la foi d'un "mail" 
> sur frnog ...
> 
> 
> ---------------------------
> Liste de diffusion du FRnOG
> http://www.frnog.org/


---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/