Where the hackers come from

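One of my machines has some rules set up to keep hackers out: for example, repeated logins within a short time get the IP blocked, and if more than one IP in the same subnet is found blocked within a short time, the whole subnet gets blocked. After using this for more than a year, which countries do the blocked subnets belong to? After tidying up the data, I got this result: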

     80 CN
     28 Unknown
      9 SC
      7 FR
      4 DE
      3 VN
      3 TH
      2 US
      2 Ti
      2 NL
      2 MY
      2 HK
      2 BW
      1 x 15 different countries

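The largest group, 81 subnets, is from the great motherland, as everyone would expect. Next, 9 subnets use a small African island, probably because it makes it hard to trace who is behind them. The strangest are France and Germany, which come next: why are there so many intrusions from there?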

A single IP could be put down to an infected user / a real hacker
But those whole subnets,
is that an entire internet cafe that got infected?

Apr 20 10:24:34 localhost sshd[9304]: refused connect from 58.218.205.97 (58.218.205.97)
Apr 20 11:30:39 localhost sshd[9546]: refused connect from 58.218.204.107 (58.218.204.107)
Apr 20 11:41:16 localhost sshd[9583]: refused connect from 58.218.205.101 (58.218.205.101)
Apr 20 12:37:10 localhost sshd[10104]: refused connect from 58.218.205.101 (58.218.205.101)
Apr 20 13:41:30 localhost sshd[10559]: refused connect from 58.218.204.248 (58.218.204.248)
Apr 20 14:45:56 localhost sshd[10790]: refused connect from 58.218.204.107 (58.218.204.107)
Apr 20 17:29:21 localhost sshd[11678]: refused connect from 58.218.205.101 (58.218.205.101)
Apr 20 18:35:57 localhost sshd[11866]: refused connect from 58.218.205.101 (58.218.205.101)
Apr 20 20:03:09 localhost sshd[12126]: refused connect from 58.218.204.248 (58.218.204.248)
Apr 20 21:46:29 localhost sshd[12956]: refused connect from 58.218.204.107 (58.218.204.107)
Apr 20 22:43:38 localhost sshd[13094]: refused connect from 58.218.204.30 (58.218.204.30)
Apr 20 22:54:57 localhost sshd[13102]: refused connect from 58.218.204.248 (58.218.204.248)
Apr 21 00:02:33 localhost sshd[13332]: refused connect from 58.218.204.107 (58.218.204.107)
Apr 21 01:21:46 localhost sshd[13550]: refused connect from 58.218.204.215 (58.218.204.215)
Apr 21 02:29:55 localhost sshd[13746]: refused connect from 58.218.204.215 (58.218.204.215)
Apr 21 02:46:11 localhost sshd[13789]: refused connect from 58.218.204.211 (58.218.204.211)
Apr 21 07:29:59 localhost sshd[14584]: refused connect from 58.218.204.107 (58.218.204.107)
Apr 21 07:36:52 localhost sshd[14644]: refused connect from 58.218.204.30 (58.218.204.30)
Apr 21 10:45:11 localhost sshd[15881]: refused connect from 58.218.204.107 (58.218.204.107)
Apr 21 11:38:45 localhost sshd[16222]: refused connect from 58.218.204.215 (58.218.204.215)

Constantly changing IPs

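Reply to 2# swimmor

This approach is meant to stop the firewall's Block IP counter from doing its job: they use 1000 IPs to guess passwords, one per second, and after 1000 seconds the counter may already have expired, so they will not be blocked. This is why I set the rules to block subnets.

Although there are 1000 IPs, they may actually all come from the same machine.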

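The two rules described in this thread (block an IP after repeated failed logins in a short time, then block the whole subnet once more than one of its IPs has been blocked), written out as an added example that is not code from any poster. The thresholds, time windows, /24 subnet size, permanent blocks and sample events are all assumptions, since the thread does not give them.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values: the thread gives no thresholds, windows or subnet size.
MAX_FAILS, FAIL_WINDOW = 3, 60         # failed logins per IP within N seconds
MIN_BLOCKED, SUBNET_WINDOW = 2, 3600   # "more than one" blocked IP per subnet
PREFIX = 24                            # subnet size used for escalation

def evaluate(events):
    """events: (unix_time, ip) failed logins. Returns (blocked_ips, blocked_subnets)."""
    fails = defaultdict(deque)     # ip -> timestamps still inside FAIL_WINDOW
    blocks = defaultdict(dict)     # subnet -> {ip: time it was blocked}
    blocked_ips, blocked_subnets = set(), set()   # blocks are permanent here
    for ts, ip in sorted(events):
        net = ipaddress.ip_network(f"{ip}/{PREFIX}", strict=False)
        if ip in blocked_ips or net in blocked_subnets:
            continue               # firewall already drops this source
        q = fails[ip]
        q.append(ts)
        while q[0] <= ts - FAIL_WINDOW:
            q.popleft()            # the per-IP counter expires old failures
        if len(q) < MAX_FAILS:
            continue
        blocked_ips.add(ip)
        recent = blocks[net]
        recent[ip] = ts
        for other, t in list(recent.items()):
            if t <= ts - SUBNET_WINDOW:
                del recent[other]  # that block is too old to count
        if len(recent) >= MIN_BLOCKED:
            blocked_subnets.add(net)
    return blocked_ips, blocked_subnets

# Constructed sample (documentation address ranges), not taken from the thread.
SAMPLE = (
    [(t, "203.0.113.10") for t in (0, 10, 20)]         # burst -> IP blocked
    + [(t, "203.0.113.77") for t in (100, 110, 120)]   # second IP, same /24
    + [(200, "203.0.113.200")]                         # arrives after subnet block
    + [(t, "198.51.100.5") for t in (0, 100, 200)]     # slow: counter expires
    + [(t, "198.51.100.9") for t in (300, 310, 320)]   # only blocked IP in its /24
)

if __name__ == "__main__":
    ips, nets = evaluate(SAMPLE)
    print(sorted(ips), sorted(map(str, nets)))
```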

National security

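Reply to swimmor

This approach is meant to stop the firewall's Block IP counter from doing its job: they use 1000 IPs to guess passwords, 1 per second ...
Posted by dbp on 2016-4-21 14:16


    So what kind of person/organization can control 1000 IPs...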