Γιατί οι Windows users την έχουν βάψει
Giorgos Keramidas
keramida at ceid.upatras.gr
Sat Jul 10 10:25:44 EEST 2004
ΓΙΑΤΙ ΟΙ WINDOWS USERS ΤΗΝ ΕΧΟΥΝ ΒΑΨΕΙ
[ Όταν δεν Έχουν Κάποιο Αξιοπρεπές Firewall ]
Γιατί λίγα δευτερόλεπτα αφού συνδεθούμε, ακόμα και με μια απλή dialup
σύνδεση, οι ιοί μας την έχουν πέσει:
: Jul 10 08:04:16 gothmog ppp[487]: tun0: Phase: deflink: lcp -> open
: Jul 10 08:04:40 gothmog ipmon[169]: 08:04:39.571816 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:40 gothmog ipmon[169]: 08:04:39.691778 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:41 gothmog ipmon[169]: 08:04:40.613667 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:42 gothmog ipmon[169]: 08:04:41.591530 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:43 gothmog ipmon[169]: 08:04:42.673400 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:46 gothmog ipmon[169]: 08:04:46.102958 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:47 gothmog ipmon[169]: 08:04:47.018874 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:48 gothmog ipmon[169]: 08:04:47.838736 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
: Jul 10 08:04:49 gothmog ipmon[169]: 08:04:48.594633 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
Ειδικά σε μηχανήματα που είναι μόνιμα συνδεδεμένα (βλ. DSL), οι μόνιμες
και ασταμάτητες επιθέσεις μπορεί να φτάσουν σε τρελά νούμερα, αν ένα
dialup connection σε διάστημα λίγης ώρας δέχεται σχεδόν 1000 προσπάθειες
για σύνδεση σε απαγορευμένα ports:
: sysop at gothmog:~# sh listports.sh
: RANK HITS PORT
: 1 861 445
: 2 49 135
: 3 14 50555
: 4 7 2179
: 5 6 1214
: 6 5 137
: 7 3 80
: 8 3 23
: 9 3 1080
: 10 2 8080
: 11 2 6588
: 12 2 3128
: 13 2 1433
: 14 2 113
: 15 1 8000
: 16 1 65506
: 17 1 4480
: 18 1 407
: 19 1 3382
: 20 1 21
: sysop at gothmog:~# sh listports.sh | sed -e 1d | awk 'BEGIN{total=0} {total+=$2} END{print total}'
: 967
: sysop at gothmog:~#
Γιατί οι επιθέσεις γίνονται από όλο τον κόσμο...
: sysop at gothmog:~# sh listports.sh | head
: RANK HITS PORT
: 1 849 445
: 2 39 135
: 3 9 50555
: 4 7 2179
: 5 6 1214
: 6 4 137
: 7 3 80
: 8 3 23
: 9 3 1080
: sysop at gothmog:~# sh checkport.sh 445
: # Blocked connects to port 445.
: 12.222.2.124 (12-222-2-124.client.insightBB.com)
: 12.72.126.144 (144.phoenix-15rh16rt-16rh15rt.az.dial-access.att.net)
: 138.89.68.4 (pool-138-89-68-4.mad.east.verizon.net)
: 139.55.73.27 (h27.73.55.139.ip.alltel.net)
: 141.157.87.95 (pool-141-157-87-95.balt.east.verizon.net)
: 142.169.18.34 (ts1-24.f1132.ts.globetrotter.net)
: 142.169.56.235 (ts1-179.f137.ts.globetrotter.net)
: 142.179.77.57 (d142-179-77-57.bchsia.telus.net)
: 162.42.86.73 (162-42-86-73.cybertrails.com)
: 169.210.26.169
: 195.174.168.108 (cable168-108.ankara.kablonet.com.tr)
: 195.174.211.208
: 198.111.222.25 (pm443-15.dialip.mich.net)
: 198.166.224.217 (d198-166-224-217.abhsia.telus.net)
: 199.126.50.142 (d199-126-50-142.abhsia.telus.net)
: 200.100.114.11 (200-100-114-11.dial-up.telesp.net.br)
: 200.100.176.196 (200-100-176-196.dial-up.telesp.net.br)
: 200.146.12.125 (200.146.12.125.dialup.gvt.net.br)
: 200.175.29.11 (200.175.29.11.dialup.gvt.net.br)
: 200.191.250.23 (200191250023-dial-user-ECP.acessonet.com.br)
: 200.199.54.188
: 200.223.66.134
: 200.226.30.211 (211.30.226.200.in-addr.arpa.ig.com.br)
: 200.38.5.57 (red-corb1-200385-57.telnor.net)
: 200.76.210.13 (as9-200-76-210-13.mexdf.axtel.net)
: 200.79.140.174 (red-corpb5-13-174.telnor.net)
: 201.10.183.129
: 201.129.51.113 (dsl-201-129-51-113.prod-infinitum.com.mx)
: 201.135.81.83 (dsl-201-135-81-83.prod-infinitum.com.mx)
: 201.4.110.21 (USER.21.110.4.201.dial-ip.telemar.net.br)
: 201.4.203.190 (USER.190.203.4.201.dial-ip.telemar.net.br)
: 201.4.91.54 (USER.54.91.4.201.dial-ip.telemar.net.br)
: 201.5.119.20 (USER.20.119.5.201.dial-ip.telemar.net.br)
: 201.7.35.36 (201.7.35.36.ibest.com.br)
: 201.7.83.102 (201.7.83.102.ibest.com.br)
: 202.133.205.242
: 203.176.165.130 (so165130.bbo165.so-net.com.hk)
: 203.236.171.80
: 203.243.182.189
: 203.79.69.181 (203-79-69-181.apx0.paradise.net.nz)
: 203.91.77.78 (dyn79.nas2.per.eftel.com)
: 203.94.201.225
: 204.32.114.100 (dsc01-dav-oh-204-32-114-100.rasserver.net)
: 206.116.14.232 (d206-116-14-232.bchsia.telus.net)
: 206.116.9.52 (d206-116-9-52.bchsia.telus.net)
: 207.170.88.137 (asnet01-1-137.aus.texas.net)
: 207.172.230.117 (207-172-230-117.c3-0.drf-ubr2.atw-drf.pa.cable.rcn.com)
: 207.35.143.87 (AS53-01-87.cas-kit.golden.net)
: 207.38.196.85 (207-38-196-85.c3-0.elm-ubr3.qens-elm.ny.cable.rcn.com)
: 207.6.4.167 (d207-6-4-167.bchsia.telus.net)
: 208.1.87.90 (STC10-026.essex1.com)
: 208.170.225.230 (tc2-225-230.altelco.net)
: 208.60.225.20 (host-208-60-225-20.owb.bellsouth.net)
: 209.107.230.127 (client-209-107-230-127.consolidated.net)
: 209.121.231.26 (d209-121-231-26.bchsia.telus.net)
: 209.165.52.121 (209-165-52-121.jps.net)
: 209.205.137.70 (msp3-209-205-137-70.datasync.com)
: 209.214.192.120 (host-209-214-192-120.mem.bellsouth.net)
: 209.6.220.50 (209-6-220-50.c3-0.wrx-ubr1.sbo-wrx.ma.cable.rcn.com)
: 209.89.253.34 (d209-89-253-34.abhsia.telus.net)
: 210.1.80.141 (210.1.80.141.pldtvibe.com)
: 210.10.200.4 (acc2-ppp4.per.dialup.connect.net.au)
: 210.108.70.152
: 210.108.85.93
: 210.124.150.42
: 210.23.166.95
: 210.23.179.131
: 210.244.16.64 (210-244-16-64.adsl.dynamic.seed.net.tw)
: 210.255.38.109 (H038109.ppp.dion.ne.jp)
: 210.5.104.14 (210.5.104.14.pldt.net)
: 210.97.171.40
: 211.119.118.227
: 211.133.211.82 (fjm0850.fmbsr1.thn.ne.jp)
: 211.180.157.13
: 212.179.193.171 (bzq-193-171.red.bezeqint.net)
: 212.179.234.166 (bzq-234-166.red.bezeqint.net)
: 212.194.141.112 (f07v-10-112.d1.club-internet.fr)
: 212.194.187.121 (f09v-8-121.d1.club-internet.fr)
: 212.194.37.190 (f03v-2-190.d1.club-internet.fr)
: 212.204.2.53 (iD4CC0235.versanet.de)
: 212.205.212.186 (lari535-a178.otenet.gr)
: 212.205.213.175 (syro530-a175.otenet.gr)
: 212.205.213.75 (syro530-a075.otenet.gr)
: 212.205.215.14 (patr530-a014.otenet.gr)
: 212.205.216.92 (chan366-isdn-a058.otenet.gr)
: 212.205.224.78 (chal364-isdn-a014.otenet.gr)
: 212.205.226.109 (thes530-c109.otenet.gr)
: 212.205.234.119 (athe530-f119.otenet.gr)
: 212.205.234.82 (athe530-f082.otenet.gr)
: 212.205.244.226 (patr530-b218.otenet.gr)
: 212.205.245.143 (athe530-j143.otenet.gr)
: 212.205.245.166 (athe530-j166.otenet.gr)
: 212.205.245.55 (athe530-j055.otenet.gr)
: 212.205.246.211 (athe530-n211.otenet.gr)
: 212.205.247.234 (athe530-e234.otenet.gr)
: 212.205.251.227 (myti530-a099.otenet.gr)
: 212.205.251.245 (myti530-a117.otenet.gr)
: 212.64.4.187 (cd44004bb.cable.wanadoo.nl)
: 212.98.31.14
: 213.122.56.135 (host213-122-56-135.in-addr.btopenworld.com)
: 213.42.80.33 (tdd033.emirates.net.ae)
: 213.58.74.84
: 213.7.224.94 (Be05e.b.pppool.de)
: 213.76.14.16 (pg16.katowice.cvx.ppp.tpnet.pl)
: 216.15.103.70 (216-15-103-70.c3-0.upd-ubr6.trpr-upd.pa.cable.rcn.com)
: 216.175.89.136 (user-vcaumc8.dsl.mindspring.com)
: 216.235.159.199 (216-235-146-199.astnetworks.com)
: 216.248.118.89
: 216.78.49.176 (host-216-78-49-176.ath.bellsouth.net)
: 217.107.136.88
: 217.144.222.11 (222-11.is.net.pl)
: 217.165.220.126 (cbb380.emirates.net.ae)
: 217.165.69.221 (de2983.alshamil.net.ae)
: 217.227.202.116 (pD9E3CA74.dip.t-dialin.net)
: 217.227.79.229 (pD9E34FE5.dip.t-dialin.net)
: 217.251.70.121 (pD9FB4679.dip.t-dialin.net)
: 218.108.151.239
: 218.108.156.29
: 218.13.14.218
: 218.13.16.79
: 218.15.226.99
: 218.161.99.205 (218-161-99-205.dynamic.hinet.net)
: 218.163.25.71 (218-163-25-71.dynamic.hinet.net)
: 218.164.106.137 (218-164-106-137.dynamic.hinet.net)
: 218.164.29.251 (218-164-29-251.dynamic.hinet.net)
: 218.165.20.211 (218-165-20-211.dynamic.hinet.net)
: 218.165.219.77
: 218.168.88.165 (218-168-88-165.dynamic.hinet.net)
: 218.171.250.3 (218-171-250-3.dynamic.hinet.net)
: 218.191.42.209
: 218.231.251.55 (218.231.251.55.eo.eaccess.ne.jp)
: 218.32.136.53 (ppp-218-32-136-53.KH.sparqnet.net)
: 218.71.203.53
: 218.73.237.92
: 218.87.220.61
: 219.133.131.180
: 219.136.0.116
: 219.137.231.147
: 219.165.250.188 (n250188.ap.plala.or.jp)
: 219.65.225.79
: 219.65.9.96 (PPP-219.65.9.96.mum1.vsnl.net.in)
: 219.68.10.223 (219-68-10-223.adsl.dynamic.giga.net.tw)
: 219.81.68.152 (152.68.81.219.dynamic.tfn.net.tw)
: 219.84.70.45 (219-84-70-45-adsl-tpe.static.so-net.net.tw)
: 220.139.146.208 (220-139-146-208.dynamic.hinet.net)
: 220.143.163.29 (220-143-163-29.dynamic.hinet.net)
: 220.168.181.157
: 220.175.160.3
: 220.184.126.116
: 220.187.71.50
: 220.189.26.5
: 220.210.190.20 (20.190.210.220.dy.bbexcite.jp)
: 220.220.168.213 (t168213.ap.plala.or.jp)
: 220.244.90.194 (220-244-90-194-vic.tpgi.com.au)
: 220.255.88.131 (bb220-255-88-131.singnet.com.sg)
: 220.99.230.69 (q230069.ap.plala.or.jp)
: 221.127.187.200
: 221.171.115.208 (FLH1Abg208.kng.mesh.ad.jp)
: 221.184.123.47 (p8047-ipad28niigatani.niigata.ocn.ne.jp)
: 221.189.145.61 (p5061-ipad41hodogaya.kanagawa.ocn.ne.jp)
: 221.218.57.119
: 221.224.62.132
: 221.229.229.230
: 221.229.253.42
: 222.11.134.178 (ZO134178.ppp.dion.ne.jp)
: 222.94.33.19
: 222.95.26.1
: 24.106.172.94 (rrcs-se-24-106-172-94.biz.rr.com)
: 24.108.224.230 (S010600022af164a5.gv.shawcable.net)
: 24.108.38.251 (S010600111107a0b6.no.shawcable.net)
: 24.233.85.65 (for
: dhcp-0-50-ba-5b-d2-c5.cpe.beld.net)
: 24.240.147.63 (24-240-147-63.charter.com)
: 24.242.255.27
: 24.65.14.51 (S01060050bf93dd7a.fm.shawcable.net)
: 24.68.100.236 (S010600096bda099d.gv.shawcable.net)
: 24.69.147.246 (S010600080264e17c.no.shawcable.net)
: 24.76.239.246 (S0106000ae6b86011.wp.shawcable.net)
: 24.78.81.201 (S01060010dc43c121.tb.shawcable.net)
: 24.79.94.241 (S010600402b45652b.wp.shawcable.net)
: 24.80.46.192 (S0106000d612d9ffc.vs.shawcable.net)
: 24.81.17.11 (S01060040ca316d46.vc.shawcable.net)
: 24.83.218.255 (S010600e01891849e.vc.shawcable.net)
: 24.83.219.82 (S01060000212b52fa.vc.shawcable.net)
: 24.84.236.173 (S0106000d6132e033.vc.shawcable.net)
: 24.85.59.223 (S010600104c14165d.vc.shawcable.net)
: 24.89.24.8 (dyn-24-8.myactv.net)
: 32.106.169.81 (slip32-106-169-81.sto.se.prserv.net)
: 4.10.33.219 (wbar2.wdc2-4-10-033-219.dsl-verizon.net)
: 4.10.6.179
: 4.11.101.89 (wbar8.lax1-4-11-101-089.dsl-verizon.net)
: 4.11.136.136 (wbar10.chi1-4-11-136-136.dsl-verizon.net)
: 4.11.218.42 (wbar9.lax1-4-11-218-042.dsl-verizon.net)
: 4.11.93.90 (wbar9.chi1-4-11-093-090.dsl-verizon.net)
: 4.12.80.112 (lsanca2-ar34-4-12-080-112.dsl-verizon.net)
: 4.13.16.211
: 4.13.36.245 (wbar10.lax-4-13-036-245.dsl-verizon.net)
: 4.14.179.228
: 4.14.36.82
: 4.16.5.112
: 4.16.5.122
: 4.16.87.154
: 4.167.239.246 (dialup-4.167.239.246.Dial1.NewYork1.Level3.net)
: 4.169.5.120 (dialup-4.169.5.120.Dial1.LosAngeles1.Level3.net)
: 4.176.129.144 (dialup-4.176.129.144.Dial1.Phoenix1.Level3.net)
: 4.182.48.119 (dialup-4.182.48.119.Dial1.SanJose1.Level3.net)
: 4.182.66.5 (dialup-4.182.66.5.Dial1.SanJose1.Level3.net)
: 4.224.84.110 (dialup-4.224.84.110.Dial1.Cincinnati1.Level3.net)
: 4.225.211.191 (dialup-4.225.211.191.Dial1.Denver1.Level3.net)
: 4.226.195.217 (dialup-4.226.195.217.Dial1.Dallas1.Level3.net)
: 4.228.12.191 (dialup-4.228.12.191.Dial1.Denver1.Level3.
More information about the Linux-greek-users
mailing list