Re: Illegal user carol from ...
As intelligence/counterintelligence reported, on Wed, 26 Oct 2005 20:06:30 +0200 Sub [EMAIL PROTECTED] wrote:

> Hi,
> I'm looking for some tools that would block a given IP after a few failed login attempts.
[snip]
> Any ideas/tools to block this?
[snip]

Hi,

Exactly this problem is being discussed right now on the incidents list (on securityfocus.com), so rather than reinvent the wheel I'll paste you the relevant post with a very nice (lightweight) solution:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: SSH bruteforce on its way...
Date: 19 Oct 2005 20:47:39 -
X-Mailer: MIME-tools 5.411 (Entity 5.404)

Here's a perl script I made to help solve my problem. I have been seeing these the past 2 years at least. This works on debian sarge (ssh 3.8). Can easily be changed for other ssh versions.

Run like this...

tail -n0 -F /var/log/auth.log | logflow.pl | awk -W interactive '{ print "sshd: " $1 }' >> /etc/hosts.deny 2>&1

and here is the logflow.pl...

#!/usr/bin/perl
use strict;
use warnings;
use Regexp::Common qw /net/;

# ips that shouldn't be banned
my @safe = ('192.168.51.1','1.2.3.4');
# number of illegal users received in 1 minute that will trigger a ban
my $thresh = 4;

my (@bans, $found, $remember);
$| = 1;    # unbuffered stdout, so awk sees each IP as soon as it is printed

while (<STDIN>) {
    next if $_ !~ /Illegal user/;
    my @line = split(' ', $_);
    my @hourmin = split(':', $line[2]);
    # key = month, day, hour, minute and source IP of this line
    my $key = $line[0].$line[1].$hourmin[0].$hourmin[1].$line[9];
    # same IP, same minute as the previous line, not yet banned, not on the
    # safe list (the @safe check the script declares), and a real IPv4 address
    if (defined $remember && $key eq $remember
        && (grep { $_ eq $line[9] } @bans) == 0
        && (grep { $_ eq $line[9] } @safe) == 0
        && $line[9] =~ /^$RE{net}{IPv4}$/) {
        $found++;
        if ($found == ($thresh - 1)) {
            print "$line[9]\n";
            push(@bans, $line[9]);
        }
    } else {
        $found = 0;
    }
    $remember = $key;
}

[snip]

> Lately the dumb break-in attempts of this kind have been picking up:
> (...)
> Oct 26 18:46:03 mars sshd[15452]: Illegal user carol from 210.97.10.180
> Oct 26 18:46:03 mars sshd[15453]: Illegal user network from 210.97.10.180
> Oct 26 18:46:06 mars sshd[15457]: Illegal user word from 210.97.10.180
> Oct 26 18:46:07 mars sshd[15456]: Illegal user jaso from 210.97.10.180
> (...)
> Bloated logs, the server busies itself with pointless replies, silly ssh calls flying over the wires...

By the way, I suggest taking a look over there, because it's not entirely trivial stuff.

Regards
-- 
Jerzy sm0q Patraszewski
patrasze{at}wszib{dot}edu{dot}pl
sm0q{at}rootshell{dot}be

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
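The same detection idea as the forwarded logflow.pl, as an added Python example that is not part of the original post or of that script: it parses the sshd lines quoted in the thread, counts failed user lookups per source IP in a sliding one-minute window rather than per wall-clock minute, validates the address before emitting it, and returns the hosts.deny entries to append. The sample log, the threshold of 4 per 60 seconds, the fixed year 2005 and the allow-list are assumptions; it also accepts the later "Invalid user" wording, which the post's sarge-era script does not.

```python
#!/usr/bin/env python3
# Added example, not the logflow.pl from the post: sliding-window SSH
# brute-force detection over syslog-style auth.log lines, emitting the
# hosts.deny entries to append.  Assumed: timestamps without a year (a
# fixed year is supplied), an allow-list that is never banned, and the
# post's default of 4 attempts from one IP within 60 seconds.
import ipaddress
import re
import sys
from collections import defaultdict, deque
from datetime import datetime

# sarge's OpenSSH 3.8 logs "Illegal user"; later releases log "Invalid
# user".  Both are matched so the rule survives an upgrade.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: (?:Illegal|Invalid) user "
    r"(?P<user>\S*) from (?P<ip>\S+)"
)

def parse_line(line, year=2005):
    """Return (timestamp, user, ip) for a matching sshd line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        # Validate the address: a hostname or attacker-chosen junk must
        # never be written into hosts.deny.
        ip = str(ipaddress.IPv4Address(m.group("ip")))
    except ValueError:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("user"), ip

class BruteForceDetector:
    """Ban an IP once it logs `threshold` failed users within `window` s."""

    def __init__(self, threshold=4, window=60, safe=()):
        self.threshold = threshold
        self.window = window
        self.safe = {str(ipaddress.IPv4Address(a)) for a in safe}
        self.recent = defaultdict(deque)  # ip -> timestamps inside window
        self.banned = set()

    def feed(self, line):
        """Consume one line; return a hosts.deny entry the first time an
        IP crosses the threshold, otherwise None."""
        parsed = parse_line(line)
        if parsed is None:
            return None
        ts, _user, ip = parsed
        if ip in self.safe or ip in self.banned:
            return None
        q = self.recent[ip]
        q.append(ts)
        # Expire attempts older than the window (lines arrive in order).
        while q and (ts - q[0]).total_seconds() > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            self.banned.add(ip)
            del self.recent[ip]
            return f"sshd: {ip}"
        return None

def scan(lines, **kwargs):
    """Run one detector over an iterable of lines; return the entries."""
    det = BruteForceDetector(**kwargs)
    return [e for e in map(det.feed, lines) if e is not None]

# Constructed sample: the four lines quoted in the thread, then invented
# follow-ups (a hit after the ban, an allow-listed host, a scanner whose
# four hits span 70 s, and an unrelated successful login).
SAMPLE_LOG = """\
Oct 26 18:46:03 mars sshd[15452]: Illegal user carol from 210.97.10.180
Oct 26 18:46:03 mars sshd[15453]: Illegal user network from 210.97.10.180
Oct 26 18:46:06 mars sshd[15457]: Illegal user word from 210.97.10.180
Oct 26 18:46:07 mars sshd[15456]: Illegal user jaso from 210.97.10.180
Oct 26 18:46:08 mars sshd[15460]: Illegal user test from 210.97.10.180
Oct 26 18:47:01 mars sshd[15470]: Invalid user admin from 192.168.51.1
Oct 26 18:47:02 mars sshd[15471]: Invalid user admin from 192.168.51.1
Oct 26 18:47:03 mars sshd[15472]: Invalid user admin from 192.168.51.1
Oct 26 18:47:04 mars sshd[15473]: Invalid user admin from 192.168.51.1
Oct 26 18:50:00 mars sshd[15480]: Illegal user oracle from 10.0.0.7
Oct 26 18:50:30 mars sshd[15481]: Illegal user oracle from 10.0.0.7
Oct 26 18:50:50 mars sshd[15482]: Illegal user oracle from 10.0.0.7
Oct 26 18:51:10 mars sshd[15483]: Illegal user oracle from 10.0.0.7
Oct 26 18:53:40 mars sshd[15485]: Accepted publickey for bob from 10.0.0.8 port 2222 ssh2
""".splitlines()

if __name__ == "__main__":
    # tail -n0 -F /var/log/auth.log | python3 sshban.py >> /etc/hosts.deny
    det = BruteForceDetector(safe=["192.168.51.1"])
    for raw in sys.stdin:
        entry = det.feed(raw.rstrip("\n"))
        if entry:
            print(entry, flush=True)
```

With the sample above and 192.168.51.1 on the allow-list only 210.97.10.180 is emitted: the 10.0.0.7 scanner's four hits are spread over 70 seconds, so its oldest attempt has already expired by the time the fourth arrives. Appending raw log fields to hosts.deny is exactly where a spoofed or malformed "from" field would bite, which is why the address is passed through ipaddress before it is returned.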
Re: what to burn with on 2.6.x without GNOME/KDE?
Paweł 'Róża' Różański wrote:
> I know it ran without any problems for me on 2.6.1x. Maybe something's not quite right with your egg (kernel)?

For me, that's the quote of the month :)
-- 
/// Szymon Nieradka
Re: what to burn with on 2.6.x without GNOME/KDE?
On Thu, Oct 27, 2005 at 12:23:29AM +0200, Kamil Leszczuk wrote:
> for me it's:
> cdrecord dev=/dev/hdc speed=24 driveropts=burnfree obraz.iso
> i.e. basically the same as yours...

Because for me it says burning 'by device name' is 'unsupported'. But that's only a warning and it carries on as before (i.e. as on 2.4).

> what exactly does cdrecord spit out?

cdrecord: No write mode specified.
cdrecord: Asuming -tao mode.
cdrecord: Future versions of cdrecord may have different drive dependent defaults.
cdrecord: Continuing in 5 seconds...
cdrecord: Warning: Running on Linux-2.6.13.2
cdrecord: There are unsettled issues with Linux-2.5 and newer.
cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler
cdrecord: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord: WARNING: This causes a high risk for buffer underruns.
scsidev: '/dev/hdd'
devname: '/dev/hdd'
scsibus: -2 target: -2 lun: -2
Warning: Open by 'devname' is unintentional and not supported.
Linux sg driver version: 3.5.27
Cdrecord-Clone 2.01.01a01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 Jörg Schilling
NOTE: this version of cdrecord is an inofficial (modified) release of cdrecord
      and thus may have bugs that are not present in the original version.
      Please send bug reports and support requests to [EMAIL PROTECTED].
      The original author should not be bothered with problems of this version.
Using libscg version 'schily-0.8'.
Device type    : Removable CD-ROM
Version        : 0
Response Format: 2
Capabilities   :
Vendor_info    : 'LITE-ON '
Identifikation : 'LTR-52246S '
Revision       : '6S0D'
Device seems to be: Generic mmc CD-RW.
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags   : MMC-3 SWABAUDIO BURNFREE FORCESPEED
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
cdrecord: No such file or directory. Cannot open '2'.

regards
-- 
~QLIVER~~~Marcin Landowski ~~~GG:6509957, Tleen~~~ [EMAIL PROTECTED]@koti.pl ~~~poczta.wp.pl~
Re: what to burn with on 2.6.x without GNOME/KDE?
On Wed, Oct 26, 2005 at 10:52:52PM +0200, Bartosz Fenski aka fEnIo wrote:
> [...]
> > Maybe it's not so much that it doesn't see it, as that I can't make it see it...
> What does `cdrecord -dev=ATAPI: -scanbus` say?

That LG is a plain CD-ROM, the burner is the LITE-ON:

Cdrecord-Clone 2.01.01a01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 Jörg Schilling
NOTE: this version of cdrecord is an inofficial (modified) release of cdrecord
      and thus may have bugs that are not present in the original version.
      Please send bug reports and support requests to [EMAIL PROTECTED].
      The original author should not be bothered with problems of this version.
Using libscg version 'schily-0.8'.
scsibus0:
        0,0,0     0) *
        0,1,0     1) 'LG      ' 'CD-ROM CRD-8521B' '1.03' Removable CD-ROM
        0,2,0     2) *
        0,3,0     3) *
        0,4,0     4) *
        0,5,0     5) *
        0,6,0     6) *
        0,7,0     7) *

regards
-- 
~QLIVER~~~Marcin Landowski ~~~GG:6509957, Tleen~~~ [EMAIL PROTECTED]@koti.pl ~~~poczta.wp.pl~
Re: what to burn with on 2.6.x without GNOME/KDE?
On Thu, Oct 27, 2005 at 10:54:22AM +0200, Marcin Landowski wrote:
> > What does `cdrecord -dev=ATAPI: -scanbus` say?
> 
> That LG is a plain CD-ROM, the burner is the LITE-ON:
> 
> Cdrecord-Clone 2.01.01a01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 Jörg Schilling
> NOTE: this version of cdrecord is an inofficial (modified) release of cdrecord
>       and thus may have bugs that are not present in the original version.
>       Please send bug reports and support requests to [EMAIL PROTECTED].
>       The original author should not be bothered with problems of this version.
> Using libscg version 'schily-0.8'.
> scsibus0:
>         0,0,0     0) *
>         0,1,0     1) 'LG      ' 'CD-ROM CRD-8521B' '1.03' Removable CD-ROM
>         0,2,0     2) *
>         0,3,0     3) *
>         0,4,0     4) *
>         0,5,0     5) *
>         0,6,0     6) *
>         0,7,0     7) *

Have you read /usr/share/doc/cdrecord/README.ATAPI.setup?

regards,
fEnIo
-- 
 ,''`.  Bartosz Fenski | mailto:[EMAIL PROTECTED] | pgp:0x13fefc40 | irc:fEnIo
: :' :  32-050 Skawina - Glowackiego 3/15 - w. malopolskie - Poland
`. `'   phone:+48602383548 | proud Debian maintainer and user
  `-    http://skawina.eu.org | jid:[EMAIL PROTECTED] | rlu:172001
Re: what to burn with on 2.6.x without GNOME/KDE?
On Thu, Oct 27, 2005 at 10:48:23AM +0200, Marcin Landowski wrote:
> > what exactly does cdrecord spit out?
[snip]
> cdrecord: No such file or directory. Cannot open '2'.

Your actual cdrecord command line would be useful too.
-- 
Just a friendly Jedi Knight        | I find your lack of faith
Robert Ramiega [EMAIL PROTECTED]   | disturbing
Re: what to burn with on 2.6.x without GNOME/KDE?
On Thu, Oct 27, 2005 at 11:38:05AM +0200, Robert Ramiega wrote:
> Your actual cdrecord command line would be useful too.

cdrecord dev=/dev/hdd obraz.iso

cheers
-- 
~QLIVER~~~Marcin Landowski ~~~GG:6509957, Tleen~~~ [EMAIL PROTECTED]@koti.pl ~~~poczta.wp.pl~
Re: what to burn with on 2.6.x without GNOME/KDE?
On Thu, Oct 27, 2005 at 11:28:15AM +0200, Bartosz Fenski aka fEnIo wrote:
> Have you read /usr/share/doc/cdrecord/README.ATAPI.setup?

No. Correcting that mistake now...

hey
-- 
~QLIVER~~~Marcin Landowski ~~~GG:6509957, Tleen~~~ [EMAIL PROTECTED]@koti.pl ~~~poczta.wp.pl~
Re: what to burn with on 2.6.x without GNOME/KDE?
> cdrecord: There are unsettled issues with Linux-2.5 and newer.
> cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
> cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler
> cdrecord: Permission denied. WARNING: Cannot set priority using setpriority().
> cdrecord: WARNING: This causes a high risk for buffer underruns.

I get similar warnings too, so that's probably not the problem.

> cdrecord: No such file or directory. Cannot open '2'.

And this one. For me it goes:

$ cdrecord dev=/dev/hdc a.iso
$ ...
$ cdrecord: No such file or directory. Cannot open 'a.iso'.

but only when the file a.iso doesn't exist.

Does this work for you:
cdrecord dev=/dev/hdX blank=fast
?

regards
Kamil
-- 
[EMAIL PROTECTED] .:. http://www.mok.siedlce.pl/kosmos
'I tried, I failed, no matter. Try again, fail again, fail better'