Δημοσιεύτηκε: 11 Μαρ 2009, 20:07
Καλησπέρα.
Στο laptop τρέχει (apache,mysql,webmin,ssh) και το μόνο που έχω αφήσει "ανοικτό" είναι το port 80 του apache το οποίο φυσικά το κλείνω όταν είμαι στο διαδίκτυο.Επίσης στο router δεν κάνω port forward οπότε κανένα από τα παρακάτω δεν είναι ορατό στο διαδίκτυο γιατί ο router τα κόβει.Προφανώς υπήρχε κάποια "επίθεση" από διάφορα μηχανήματα και παραθέτω και log από την επίθεση.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 5399/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 6260/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5298/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5508/cupsd
tcp6 0 0 :::80 :::* LISTEN 6116/apache2
tcp6 0 0 :::22 :::* LISTEN 5298/sshd
tcp6 0 0 :::443 :::* LISTEN 6116/apache2
Mar 10 21:16:10MYPC kernel: [ 104.520562] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=83.41.229.1
67 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=1516 PROTO=UDP SPT=18225 DPT=42319 LEN=111
Mar 10 21:16:10MYPC kernel: [ 104.585672] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=193.16.255.
26 DST=192.168.2.2 LEN=129 TOS=0x18 PREC=0x20 TTL=116 ID=62044 PROTO=UDP SPT=24503 DPT=42319 LEN=109
Mar 10 21:16:12MYPC kernel: [ 105.886853] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=189.170.64.
235 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=118 ID=14573 PROTO=UDP SPT=50001 DPT=42319 LEN=111
Mar 10 21:16:15MYPC kernel: [ 109.368130] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=78.82.192.1
70 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=114 ID=6741 PROTO=UDP SPT=46342 DPT=42319 LEN=111
Mar 10 21:16:19MYPC kernel: [ 113.130521] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=74.62.136.1
4 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=26495 PROTO=UDP SPT=4817 DPT=42319 LEN=111
Mar 10 21:16:23MYPC kernel: [ 117.487897] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=81.173.159.
91 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=117 ID=14544 PROTO=UDP SPT=20494 DPT=42319 LEN=111
Mar 10 21:16:25MYPC kernel: [ 118.729565] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=81.228.63.2
00 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=31679 PROTO=UDP SPT=55007 DPT=42319 LEN=111
Mar 10 21:16:25MYPC kernel: [ 119.417079] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=74.62.136.1
4 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=26859 PROTO=UDP SPT=4817 DPT=42319 LEN=111
Mar 10 21:16:31MYPC kernel: [ 125.266754] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=213.10.102.
48 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=119 ID=28225 PROTO=UDP SPT=60829 DPT=42319 LEN=111
Mar 10 21:16:31MYPC kernel: [ 125.386663] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=76.234.164.
253 DST=192.168.2.2 LEN=126 TOS=0x18 PREC=0x20 TTL=116 ID=65436 PROTO=UDP SPT=60000 DPT=42319 LEN=106
Mar 10 21:16:32MYPC kernel: [ 125.859863] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=74.62.136.1
4 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=27162 PROTO=UDP SPT=4817 DPT=42319 LEN=111
Mar 10 21:16:34MYPC kernel: [ 128.344889] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=84.42.253.8
4 DST=192.168.2.2 LEN=129 TOS=0x18 PREC=0x20 TTL=112 ID=18015 PROTO=UDP SPT=12232 DPT=42319 LEN=109
Mar 10 21:16:36MYPC kernel: [ 130.335994] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=79.138.210.
246 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=113 ID=16001 PROTO=UDP SPT=51893 DPT=42319 LEN=111
Mar 10 21:16:36MYPC kernel: [ 130.635321] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=62.38.29.19
0 DST=192.168.2.2 LEN=131 TOS=0x00 PREC=0x00 TTL=117 ID=1023 PROTO=UDP SPT=54113 DPT=42319 LEN=111
Mar 10 21:16:37MYPC kernel: [ 131.711911] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=95.37.63.15
DST=192.168.2.2 LEN=134 TOS=0x18 PREC=0x20 TTL=115 ID=52164 PROTO=UDP SPT=62283 DPT=42319 LEN=114
Mar 10 21:16:39MYPC kernel: [ 133.295819] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=69.243.51.9
DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=111 ID=18681 PROTO=UDP SPT=47267 DPT=42319 LEN=111
Mar 10 21:16:42MYPC kernel: [ 136.516192] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=91.164.147.
138 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=113 ID=18963 PROTO=UDP SPT=36042 DPT=42319 LEN=111
Mar 10 21:16:43MYPC kernel: [ 136.840966] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=125.34.34.1
50 DST=192.168.2.2 LEN=126 TOS=0x18 PREC=0x20 TTL=112 ID=12044 PROTO=UDP SPT=14089 DPT=42319 LEN=106
Mar 10 21:16:45MYPC kernel: [ 139.067606] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=79.120.45.1
57 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=118 ID=51757 PROTO=UDP SPT=28665 DPT=42319 LEN=111
Mar 10 21:16:48MYPC kernel: [ 142.015739] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=208.179.165
.6 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=111 ID=4310 PROTO=UDP SPT=57318 DPT=42319 LEN=111
Mar 10 21:16:50MYPC kernel: [ 144.151505] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=78.159.153.
34 DST=192.168.2.2 LEN=126 TOS=0x18 PREC=0x20 TTL=116 ID=21359 PROTO=UDP SPT=15735 DPT=42319 LEN=106
Mar 10 21:16:53MYPC kernel: [ 146.965735] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=85.207.127.
114 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=116 ID=46409 PROTO=UDP SPT=60892 DPT=42319 LEN=111
Mar 10 21:16:53MYPC kernel: [ 147.090527] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=89.211.40.6
6 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=113 ID=49329 PROTO=UDP SPT=12981 DPT=42319 LEN=111
Mar 10 21:16:57MYPC kernel: [ 151.532226] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=92.224.193.
50 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=18269 PROTO=UDP SPT=59133 DPT=42319 LEN=111
--More--(22%)
Στο laptop τρέχει (apache,mysql,webmin,ssh) και το μόνο που έχω αφήσει "ανοικτό" είναι το port 80 του apache το οποίο φυσικά το κλείνω όταν είμαι στο διαδίκτυο.Επίσης στο router δεν κάνω port forward οπότε κανένα από τα παρακάτω δεν είναι ορατό στο διαδίκτυο γιατί ο router τα κόβει.Προφανώς υπήρχε κάποια "επίθεση" από διάφορα μηχανήματα και παραθέτω και log από την επίθεση.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 5399/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 6260/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5298/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5508/cupsd
tcp6 0 0 :::80 :::* LISTEN 6116/apache2
tcp6 0 0 :::22 :::* LISTEN 5298/sshd
tcp6 0 0 :::443 :::* LISTEN 6116/apache2
Mar 10 21:16:10MYPC kernel: [ 104.520562] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=83.41.229.1
67 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=1516 PROTO=UDP SPT=18225 DPT=42319 LEN=111
Mar 10 21:16:10MYPC kernel: [ 104.585672] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=193.16.255.
26 DST=192.168.2.2 LEN=129 TOS=0x18 PREC=0x20 TTL=116 ID=62044 PROTO=UDP SPT=24503 DPT=42319 LEN=109
Mar 10 21:16:12MYPC kernel: [ 105.886853] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=189.170.64.
235 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=118 ID=14573 PROTO=UDP SPT=50001 DPT=42319 LEN=111
Mar 10 21:16:15MYPC kernel: [ 109.368130] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=78.82.192.1
70 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=114 ID=6741 PROTO=UDP SPT=46342 DPT=42319 LEN=111
Mar 10 21:16:19MYPC kernel: [ 113.130521] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=74.62.136.1
4 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=26495 PROTO=UDP SPT=4817 DPT=42319 LEN=111
Mar 10 21:16:23MYPC kernel: [ 117.487897] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=81.173.159.
91 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=117 ID=14544 PROTO=UDP SPT=20494 DPT=42319 LEN=111
Mar 10 21:16:25MYPC kernel: [ 118.729565] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=81.228.63.2
00 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=31679 PROTO=UDP SPT=55007 DPT=42319 LEN=111
Mar 10 21:16:25MYPC kernel: [ 119.417079] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=74.62.136.1
4 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=26859 PROTO=UDP SPT=4817 DPT=42319 LEN=111
Mar 10 21:16:31MYPC kernel: [ 125.266754] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=213.10.102.
48 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=119 ID=28225 PROTO=UDP SPT=60829 DPT=42319 LEN=111
Mar 10 21:16:31MYPC kernel: [ 125.386663] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=76.234.164.
253 DST=192.168.2.2 LEN=126 TOS=0x18 PREC=0x20 TTL=116 ID=65436 PROTO=UDP SPT=60000 DPT=42319 LEN=106
Mar 10 21:16:32MYPC kernel: [ 125.859863] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=74.62.136.1
4 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=27162 PROTO=UDP SPT=4817 DPT=42319 LEN=111
Mar 10 21:16:34MYPC kernel: [ 128.344889] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=84.42.253.8
4 DST=192.168.2.2 LEN=129 TOS=0x18 PREC=0x20 TTL=112 ID=18015 PROTO=UDP SPT=12232 DPT=42319 LEN=109
Mar 10 21:16:36MYPC kernel: [ 130.335994] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=79.138.210.
246 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=113 ID=16001 PROTO=UDP SPT=51893 DPT=42319 LEN=111
Mar 10 21:16:36MYPC kernel: [ 130.635321] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=62.38.29.19
0 DST=192.168.2.2 LEN=131 TOS=0x00 PREC=0x00 TTL=117 ID=1023 PROTO=UDP SPT=54113 DPT=42319 LEN=111
Mar 10 21:16:37MYPC kernel: [ 131.711911] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=95.37.63.15
DST=192.168.2.2 LEN=134 TOS=0x18 PREC=0x20 TTL=115 ID=52164 PROTO=UDP SPT=62283 DPT=42319 LEN=114
Mar 10 21:16:39MYPC kernel: [ 133.295819] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=69.243.51.9
DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=111 ID=18681 PROTO=UDP SPT=47267 DPT=42319 LEN=111
Mar 10 21:16:42MYPC kernel: [ 136.516192] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=91.164.147.
138 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=113 ID=18963 PROTO=UDP SPT=36042 DPT=42319 LEN=111
Mar 10 21:16:43MYPC kernel: [ 136.840966] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=125.34.34.1
50 DST=192.168.2.2 LEN=126 TOS=0x18 PREC=0x20 TTL=112 ID=12044 PROTO=UDP SPT=14089 DPT=42319 LEN=106
Mar 10 21:16:45MYPC kernel: [ 139.067606] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=79.120.45.1
57 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=118 ID=51757 PROTO=UDP SPT=28665 DPT=42319 LEN=111
Mar 10 21:16:48MYPC kernel: [ 142.015739] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=208.179.165
.6 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=111 ID=4310 PROTO=UDP SPT=57318 DPT=42319 LEN=111
Mar 10 21:16:50MYPC kernel: [ 144.151505] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=78.159.153.
34 DST=192.168.2.2 LEN=126 TOS=0x18 PREC=0x20 TTL=116 ID=21359 PROTO=UDP SPT=15735 DPT=42319 LEN=106
Mar 10 21:16:53MYPC kernel: [ 146.965735] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=85.207.127.
114 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=116 ID=46409 PROTO=UDP SPT=60892 DPT=42319 LEN=111
Mar 10 21:16:53MYPC kernel: [ 147.090527] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=89.211.40.6
6 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=113 ID=49329 PROTO=UDP SPT=12981 DPT=42319 LEN=111
Mar 10 21:16:57MYPC kernel: [ 151.532226] Inbound IN=wlan0 OUT= MAC=XX:XX:XX:XX(MY MAC ADDR) SRC=92.224.193.
50 DST=192.168.2.2 LEN=131 TOS=0x18 PREC=0x20 TTL=115 ID=18269 PROTO=UDP SPT=59133 DPT=42319 LEN=111
--More--(22%)