Why Windows users are screwed

Iakwbos Triantafillou ewsforos at styx.irc.gr
Sun Jul 11 22:24:49 EEST 2004


V13 wrote:

>On Saturday 10 July 2004 19:53, Iakwbos Triantafillou wrote:
>  
>
>>Giorgos Keramidas wrote:
>>    
>>
>>>		 WHY WINDOWS USERS ARE SCREWED
>>>
>>>	     [ When They Don't Have a Decent Firewall ]
>>>
>>>Because a few seconds after we connect, even over a plain dialup
>>>connection, the viruses are already all over us:
>>>: Jul 10 08:04:16 gothmog ppp[487]: tun0: Phase: deflink: lcp -> open
>>>: Jul 10 08:04:40 gothmog ipmon[169]: 08:04:39.571816 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:40 gothmog ipmon[169]: 08:04:39.691778 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:41 gothmog ipmon[169]: 08:04:40.613667 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:42 gothmog ipmon[169]: 08:04:41.591530 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:43 gothmog ipmon[169]: 08:04:42.673400 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:46 gothmog ipmon[169]: 08:04:46.102958 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:47 gothmog ipmon[169]: 08:04:47.018874 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:48 gothmog ipmon[169]: 08:04:47.838736 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:49 gothmog ipmon[169]: 08:04:48.594633 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>
>>>Especially on machines that are permanently connected (see DSL), the
>>>constant, non-stop attacks can reach crazy numbers, if a dialup
>>>connection gets almost 1000 connection attempts on forbidden ports
>>>within a short time:
>>>: sysop at gothmog:~# sh listports.sh
>>>:     RANK    HITS    PORT
>>>:        1     861     445
>>>:        2      49     135
>>>:        3      14   50555
>>>:        4       7    2179
>>>:        5       6    1214
>>>:        6       5     137
>>>:        7       3      80
>>>:        8       3      23
>>>:        9       3    1080
>>>:       10       2    8080
>>>:       11       2    6588
>>>:       12       2    3128
>>>:       13       2    1433
>>>:       14       2     113
>>>:       15       1    8000
>>>:       16       1   65506
>>>:       17       1    4480
>>>:       18       1     407
>>>:       19       1    3382
>>>:       20       1      21
>>>: sysop at gothmog:~# sh listports.sh | sed -e 1d | awk 'BEGIN{total=0} {total+=$2} END{print total}'
>>>: 967
>>>: sysop at gothmog:~#
>>>      
>>>
>>pfffff.... amateurs....
>>
>>
>>[root at styx ewsforos]# ./showfwlogs.sh
>>PORT            HITS
>>445             39763
>>135             62862
>>50555           5
>>2179            226
>>1214            283
>>137             11004
>>80              32098
>>23              91722
>>1080            518
>>8080            334
>>6588            143
>>3128            364
>>1433            721
>>113             49682
>>8000            124
>>65506           52
>>4480            162
>>407             2391
>>3382            188
>>21              173974
>>
>>[root at styx ewsforos]# wc -l /var/log/router.log
>> 376217 /var/log/router.log
>>    
>>
>
>tsk tsk...
>
>(incoming)
>XXXXXX>sh access-list 199
>Extended IP access list 199
>    10 deny tcp any any eq 135 (5901040 matches)
>    20 deny udp any any eq 135
>    30 deny tcp any any eq 137
>    40 deny udp any any eq netbios-ns (2285477 matches)
>    50 deny tcp any any eq 138
>    60 deny udp any any eq netbios-dgm
>    70 deny tcp any any eq 139 (26731 matches)
>    80 deny udp any any eq netbios-ss (3697 matches)
>    90 deny tcp any any eq 445 (66622756 matches)
>    100 deny udp any any eq 445 (37 matches)
>[...]
>
>(outgoing)
>XXXXXX>sh access-list 198
>Extended IP access list 198
>[...]
>    340 deny tcp any any eq 135 (405080 matches)
>    350 deny udp any any eq 135
>    360 deny tcp any any eq 137
>    370 deny udp any any eq netbios-ns (2327 matches)
>    380 deny tcp any any eq 138
>    390 deny udp any any eq netbios-dgm
>    400 deny tcp any any eq 139 (2502 matches)
>    410 deny udp any any eq netbios-ss
>    420 deny tcp any any eq 445 (5705281 matches)
>    430 deny udp any any eq 445
>[...]
>
>:)
>
>  
>
Heeey, brrrr!!! Cheater!!! We're talking about home setups :-P
You threw a whole uni in there :-P

I.T.

><<V13>
>
PS: set up some remote logging on that poor Cisco you've got clogged up, and
write a little script to spit out stats for you too :-P
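
A per-port tally of blocked inbound connection attempts, in the RANK/HITS/PORT layout quoted above, as an added example; it is not the listports.sh or showfwlogs.sh from the thread, whose contents were not posted. The names rank_ports, total_hits and sample_log are hypothetical, and the sample log lines are constructed in the ipmon syslog format shown in the quoted log, using documentation addresses.

```shell
#!/bin/sh
# Added example; rank_ports, total_hits and sample_log are hypothetical names.

# Constructed sample in the ipmon syslog format quoted in the thread
# (documentation addresses, not real hosts).
sample_log() {
    cat <<'EOF'
Jul 10 08:04:16 host ppp[487]: tun0: Phase: deflink: lcp -> open
Jul 10 08:04:40 host ipmon[169]: 08:04:39.571816 tun0 @0:23 b 198.51.100.7,4440 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Jul 10 08:04:41 host ipmon[169]: 08:04:40.613667 tun0 @0:23 b 198.51.100.7,4440 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Jul 10 08:04:42 host ipmon[169]: 08:04:41.100000 tun0 @0:23 b 203.0.113.9,3278 -> 192.0.2.10,135 PR tcp len 20 48 -S IN
Jul 10 08:04:43 host ipmon[169]: 08:04:42.200000 tun0 @0:5 p 192.0.2.10,1025 -> 203.0.113.9,80 PR tcp len 20 48 -S OUT
Jul 10 08:04:44 host ipmon[169]: 08:04:43.300000 tun0 @0:23 b 203.0.113.9,3279 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
EOF
}

# Count blocked ("b") inbound ("IN") ipmon entries per destination port and
# print them ranked, most-hit port first (ties: lower port number first).
rank_ports() {
    awk '
        $5 ~ /^ipmon\[/ {
            # Find the "->" token: action is two fields before it,
            # "dst_ip,dst_port" is the field after it.
            for (i = 6; i < NF; i++) {
                if ($i == "->" && $(i - 2) == "b" && $NF == "IN") {
                    n = split($(i + 1), dst, ",")
                    if (n == 2 && dst[2] ~ /^[0-9]+$/) hits[dst[2]]++
                    break
                }
            }
        }
        END { for (p in hits) printf "%d %d\n", hits[p], p }
    ' | sort -k1,1nr -k2,2n |
    awk 'BEGIN { printf "%8s%8s%8s\n", "RANK", "HITS", "PORT" }
         { printf "%8d%8d%8d\n", NR, $1, $2 }'
}

# Sum the HITS column, as the awk one-liner in the quoted post does.
total_hits() {
    rank_ports | sed -e 1d | awk '{ total += $2 } END { print total + 0 }'
}

sample_log | rank_ports
```

Both functions read syslog lines on standard input, so a real log file can be fed in with a redirect in place of sample_log.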



