Why Windows users are screwed
Iakwbos Triantafillou
ewsforos at styx.irc.gr
Sun Jul 11 22:24:49 EEST 2004
V13 wrote:
>On Saturday 10 July 2004 19:53, Iakwbos Triantafillou wrote:
>
>
>>Giorgos Keramidas wrote:
>>
>>
>>> WHY WINDOWS USERS ARE SCREWED
>>>
>>> [ When They Don't Have a Decent Firewall ]
>>>
>>>Because a few seconds after we connect, even over a plain dialup
>>>connection, the viruses are already all over us:
>>>: Jul 10 08:04:16 gothmog ppp[487]: tun0: Phase: deflink: lcp -> open
>>>: Jul 10 08:04:40 gothmog ipmon[169]: 08:04:39.571816 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:40 gothmog ipmon[169]: 08:04:39.691778 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:41 gothmog ipmon[169]: 08:04:40.613667 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:42 gothmog ipmon[169]: 08:04:41.591530 tun0 @0:23 b 220.139.146.208,4440 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:43 gothmog ipmon[169]: 08:04:42.673400 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:46 gothmog ipmon[169]: 08:04:46.102958 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:47 gothmog ipmon[169]: 08:04:47.018874 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:48 gothmog ipmon[169]: 08:04:47.838736 tun0 @0:23 b 68.150.0.100,4560 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>: Jul 10 08:04:49 gothmog ipmon[169]: 08:04:48.594633 tun0 @0:23 b 200.226.30.211,3278 -> 212.205.244.240,445 PR tcp len 20 48 -S IN
>>>
>>>Especially on machines that are permanently connected (see DSL), the
>>>constant, non-stop attacks can reach crazy numbers, if a dialup
>>>connection gets almost 1000 connection attempts to forbidden ports
>>>within a short while:
>>>: sysop@gothmog:~# sh listports.sh
>>>: RANK HITS PORT
>>>: 1 861 445
>>>: 2 49 135
>>>: 3 14 50555
>>>: 4 7 2179
>>>: 5 6 1214
>>>: 6 5 137
>>>: 7 3 80
>>>: 8 3 23
>>>: 9 3 1080
>>>: 10 2 8080
>>>: 11 2 6588
>>>: 12 2 3128
>>>: 13 2 1433
>>>: 14 2 113
>>>: 15 1 8000
>>>: 16 1 65506
>>>: 17 1 4480
>>>: 18 1 407
>>>: 19 1 3382
>>>: 20 1 21
>>>: sysop@gothmog:~# sh listports.sh | sed -e 1d | awk 'BEGIN{total=0} {total+=$2} END{print total}'
>>>: 967
>>>: sysop@gothmog:~#
>>>
>>>
>>pfffff.... amateurs....
>>
>>
>>[root@styx ewsforos]# ./showfwlogs.sh
>>PORT HITS
>>445 39763
>>135 62862
>>50555 5
>>2179 226
>>1214 283
>>137 11004
>>80 32098
>>23 91722
>>1080 518
>>8080 334
>>6588 143
>>3128 364
>>1433 721
>>113 49682
>>8000 124
>>65506 52
>>4480 162
>>407 2391
>>3382 188
>>21 173974
>>
>>[root@styx ewsforos]# wc -l /var/log/router.log
>> 376217 /var/log/router.log
>>
>>
>
>tsk tsk...
>
>(incoming)
>XXXXXX>sh access-list 199
>Extended IP access list 199
> 10 deny tcp any any eq 135 (5901040 matches)
> 20 deny udp any any eq 135
> 30 deny tcp any any eq 137
> 40 deny udp any any eq netbios-ns (2285477 matches)
> 50 deny tcp any any eq 138
> 60 deny udp any any eq netbios-dgm
> 70 deny tcp any any eq 139 (26731 matches)
> 80 deny udp any any eq netbios-ss (3697 matches)
> 90 deny tcp any any eq 445 (66622756 matches)
> 100 deny udp any any eq 445 (37 matches)
>[...]
>
>(outgoing)
>XXXXXX>sh access-list 198
>Extended IP access list 198
>[...]
> 340 deny tcp any any eq 135 (405080 matches)
> 350 deny udp any any eq 135
> 360 deny tcp any any eq 137
> 370 deny udp any any eq netbios-ns (2327 matches)
> 380 deny tcp any any eq 138
> 390 deny udp any any eq netbios-dgm
> 400 deny tcp any any eq 139 (2502 matches)
> 410 deny udp any any eq netbios-ss
> 420 deny tcp any any eq 445 (5705281 matches)
> 430 deny udp any any eq 445
>[...]
>
>:)
>
>
>
Heeey, brrrr!!! Cheater!!! We're talking about home setups :-P
You threw a whole uni in there :-P
I.T.
><<V13>
>
PS: set up some remote logging on that poor cisco you've clogged up, and
write a little script to give you stats :-P
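
A per-port tally like the `listports.sh` output quoted in this thread can be built directly from ipmon lines. The script below is an added example, not part of the message and not the posters' `listports.sh` or `showfwlogs.sh` (neither is shown in the thread). The function names, the host name `fw` and the sample addresses are constructed, and it assumes the ipmon line layout seen in the quoted log.

```shell
#!/bin/sh
# Added example: rank blocked inbound packets by destination port from
# IPFilter ipmon syslog lines (layout assumed to match the quoted log).

# Constructed sample input; host name and addresses are placeholders.
sample_log() {
cat <<'EOF'
Jul 10 08:04:16 fw ppp[487]: tun0: Phase: deflink: lcp -> open
Jul 10 08:04:40 fw ipmon[169]: 08:04:39.571816 tun0 @0:23 b 198.51.100.7,4440 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Jul 10 08:04:40 fw ipmon[169]: 08:04:39.691778 tun0 @0:23 b 203.0.113.9,3278 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Jul 10 08:04:41 fw ipmon[169]: 08:04:40.613667 tun0 @0:23 b 198.51.100.7,4440 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Jul 10 08:04:42 fw ipmon[169]: 08:04:41.100000 tun0 @0:23 b 203.0.113.9,3301 -> 192.0.2.10,135 PR tcp len 20 48 -S IN
Jul 10 08:04:43 fw ipmon[169]: 08:04:42.200000 tun0 @0:23 b 203.0.113.9,3302 -> 192.0.2.10,135 PR tcp len 20 48 -S IN
Jul 10 08:04:44 fw ipmon[169]: 08:04:43.300000 tun0 @0:23 b 198.51.100.7,4501 -> 192.0.2.10,23 PR tcp len 20 48 -S IN
Jul 10 08:04:45 fw ipmon[169]: 08:04:44.400000 tun0 @0:23 b 203.0.113.9 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
Jul 10 08:04:46 fw ipmon[169]: 08:04:45.500000 tun0 @0:5 p 198.51.100.7,4502 -> 192.0.2.10,80 PR tcp len 20 48 -S IN
EOF
}

# Reads syslog lines on stdin; prints RANK HITS PORT, busiest port first.
port_stats() {
    awk '
        $5 ~ /^ipmon\[/ && $NF == "IN" {
            # Locate the "->" token instead of trusting a fixed column.
            for (i = 7; i < NF; i++)
                if ($i == "->") break
            # The action flag sits two tokens before "->"; keep only "b" (blocked).
            if (i >= NF || $(i - 2) != "b") next
            # TCP/UDP targets look like addr,port; ICMP has no port, so skip it.
            if (split($(i + 1), dst, ",") == 2) hits[dst[2]]++
        }
        END { for (p in hits) print hits[p], p }
    ' | sort -k1,1nr -k2,2n |
        awk 'BEGIN { print "RANK HITS PORT" } { print NR, $1, $2 }'
}

sample_log | port_stats
```

On a real system the function would read the ipmon syslog file on stdin instead of `sample_log`.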