ÇØÅ· ½Ãµµ.. ¸·À» ¹æ¹ýÀº?

   Á¶È¸ 4498   Ãßõ 0    

 리눅스를 백업서버로 쓸려고 세팅했더니 온갖 세계 각국에서 root 패스워드를 시도 하네요.

이거 근본적으로 막을 방법은 없나요?

우선 iptable 로 icmp drop 시켰고 

주요 의심국가인 "중국", "러시아" IP 는 모두 iptable 로 차단했습니다.


-------- 참고 ------ 해킹 시도 예 -------- /var/log/secure 파일

Aug 12 03:42:30 localhost sshd[15742]: Failed password for root from 202.55.175.236 port 33828 ssh2                ID

Aug 12 03:42:30 localhost sshd[15742]: Received disconnect from 202.55.175.236 port 33828:11: Bye Bye [preauth]

Aug 12 03:42:30 localhost sshd[15742]: Disconnected from 202.55.175.236 port 33828 [preauth]

Aug 12 03:42:37 localhost sshd[15763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.33.175  user=root

Aug 12 03:42:37 localhost sshd[15763]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 12 03:42:39 localhost sshd[15763]: Failed password for root from 111.229.33.175 port 50304 ssh2

Aug 12 03:42:39 localhost sshd[15763]: Received disconnect from 111.229.33.175 port 50304:11: Bye Bye [preauth]         CN

Aug 12 03:42:39 localhost sshd[15763]: Disconnected from 111.229.33.175 port 50304 [preauth]

Aug 12 03:42:57 localhost sshd[15765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.52.35  user=root

Aug 12 03:42:57 localhost sshd[15765]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 12 03:43:00 localhost sshd[15765]: Failed password for root from 106.54.52.35 port 40674 ssh2                CN

Aug 12 03:43:00 localhost sshd[15765]: Received disconnect from 106.54.52.35 port 40674:11: Bye Bye [preauth]

Aug 12 03:43:00 localhost sshd[15765]: Disconnected from 106.54.52.35 port 40674 [preauth]

Aug 12 03:43:00 localhost sshd[15767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.80.173.36  user=root

Aug 12 03:43:00 localhost sshd[15767]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 14 09:16:50 localhost sshd[4369]: Disconnected from 222.99.52.216 port 19521 [preauth]                성남 KT

Aug 14 09:16:53 localhost sshd[4371]: reverse mapping checking getaddrinfo for h206-174-214-90.bigpipeinc.com [206.174.214.90] failed - POSSIBLE BREAK-IN ATTEMPT!

Aug 14 09:16:53 localhost sshd[4371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.174.214.90  user=root

Aug 14 09:16:53 localhost sshd[4371]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 14 09:16:55 localhost sshd[4371]: Failed password for root from 206.174.214.90 port 42860 ssh2                CA

Aug 14 09:16:55 localhost sshd[4371]: Received disconnect from 206.174.214.90 port 42860:11: Bye Bye [preauth]

Aug 14 09:16:55 localhost sshd[4371]: Disconnected from 206.174.214.90 port 42860 [preauth]

Aug 14 09:16:56 localhost sshd[4373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.239.28.177  user=root

Aug 14 09:16:56 localhost sshd[4373]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 14 09:16:58 localhost sshd[4373]: Failed password for root from 222.239.28.177 port 33462 ssh2                중구 SK브로드밴드

Aug 14 09:16:58 localhost sshd[4373]: Received disconnect from 222.239.28.177 port 33462:11: Bye Bye [preauth]

Aug 14 09:16:58 localhost sshd[4373]: Disconnected from 222.239.28.177 port 33462 [preauth]

Aug 14 09:17:05 localhost sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.ip-51-255-160.eu  user=root

Aug 14 09:17:05 localhost sshd[4377]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 14 09:17:07 localhost sshd[4375]: Accepted password for root from 192.168.0.13 port 59086 ssh2

Aug 14 09:17:07 localhost sshd[4375]: pam_unix(sshd:session): session opened for user root by (uid=0)

Aug 14 09:17:07 localhost sshd[4377]: Failed password for root from 51.255.160.51 port 42922 ssh2                FR

Aug 14 09:17:08 localhost sshd[4377]: Received disconnect from 51.255.160.51 port 42922:11: Bye Bye [preauth]

Aug 14 09:17:08 localhost sshd[4377]: Disconnected from 51.255.160.51 port 42922 [preauth]

Aug 14 09:17:17 localhost sshd[4437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=n058153174086.netvigator.com  user=root

Aug 14 09:17:17 localhost sshd[4437]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Aug 14 09:17:19 localhost sshd[4437]: Failed password for root from 58.153.174.86 port 49844 ssh2                HK

Aug 14 09:17:19 localhost sshd[4437]: Received disconnect from 58.153.174.86 port 49844:11: Bye Bye [preauth]

Aug 14 09:17:19 localhost sshd[4437]: Disconnected from 58.153.174.86 port 49844 [preauth]




----------------- ip table setting ------

root@localhost:/etc/rc.d# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  anywhere             anywhere

DROP       all  --  anywhere             anywhere             state INVALID

ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED

DROP       tcp  --  58.75.202.88         anywhere             tcp dpt:http state NEW,ESTABLISHED

DROP       tcp  --  116.38.215.160       anywhere             tcp dpt:http state NEW,ESTABLISHED

DROP       tcp  --  203.227.217.158      anywhere             tcp dpt:http state NEW,ESTABLISHED

DROP       all  --  175.127.42.0/24      anywhere

DROP       all  --  175.127.41.0/24      anywhere

DROP       all  --  175.127.40.0/24      anywhere

DROP       all  --  175.127.39.0/24      anywhere

DROP       all  --  203.142.81.0/24      anywhere

ACCEPT     tcp  --  gateway              anywhere             tcp dpt:ftp state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3306 state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:svn state NEW,ESTABLISHED

DROP       tcp  --  anywhere             anywhere             tcp dpt:smtp state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:afs3-fileserver state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:afs3-callback state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:irdmi state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:vcom-tunnel state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cslistener state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:etlservicemgr state NEW,ESTABLISHED

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ndmp state NEW,ESTABLISHED

DROP       tcp  --  anywhere             anywhere

DROP       icmp --  anywhere             anywhere

DROP       all  --  anywhere             anywhere             source IP range 1.0.1.0-1.0.3.255

DROP       all  --  anywhere             anywhere             source IP range 1.0.8.0-1.0.15.255

DROP       all  --  anywhere             anywhere             source IP range 1.0.32.0-1.0.63.255

DROP       all  --  anywhere             anywhere             source IP range 1.1.0.0-1.1.0.255

DROP       all  --  anywhere             anywhere             source IP range 1.1.2.0-1.1.63.255

DROP       all  --  anywhere             anywhere             source IP range 1.2.0.0-1.2.2.255

DROP       all  --  anywhere             anywhere             source IP range 1.2.4.0-1.2.127.255

DROP       all  --  anywhere             anywhere             source IP range 1.3.0.0-1.3.255.255

DROP       all  --  anywhere             anywhere             source IP range 1.4.1.0-1.4.127.255

DROP       all  --  anywhere             anywhere             source IP range 1.8.0.0-1.8.255.255

DROP       all  --  anywhere             anywhere             source IP range 1.10.0.0-1.10.9.255

DROP       all  --  anywhere             anywhere             source IP range 1.10.11.0-1.10.127.255

DROP       all  --  anywhere             anywhere             source IP range 1.12.0.0-1.15.255.255

DROP       all  --  anywhere             anywhere             source IP range 1.24.0.0-1.31.255.255

DROP       all  --  anywhere             anywhere             source IP range 1.45.0.0-1.45.255.255


이지포토
ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.
¹Ú¹®Çü 2020-08
IP ¸·°í ¹æÈ­º® ±¸ÃàÇÏ´Â°Ô ´Ù À̱äÇÕ´Ï´Ù..

¹æÈ­º®À» ±¸ÃàÇصµ ¶Õ¸±¶§´Â ¶Õ¸®±â¿¡ °è¼Ó µ·µé¿©¼­ ¹æÈ­º® ÇÁ·Î±×·¥À» ¾÷µ¥ÀÌÆ® ÇØÁà¾ß ÇÕ´Ï´Ù..

±× ¿Ü º¸Á¶¼ö´ÜÀ¸·Î ¼­¹öÀÇ IP¸¦ °¡²û¾¿ ¹Ù²ã º¸´Â ¹æ¹ýµµ ÀÖ½À´Ï´Ù..
     
¼­¹öIP ¹Ù²Ù¸é µþ¸° ½Ä±¸µéÀÌ ¸¹¾Æ¼­ Á» ¹Ùºü¿ä. dns ·¹ÄÚµå ºÎÅÍ .. ^^
¹®ÀÌ ÀÖÀ¸¸é, ÃÊÀÎÁ¾ ´©¸£´Â »ç¶÷ÀÌ ÀÖÀ¸´Ï ...
root °èÁ¤¸í ¹Ù²ã ¹ö¸®¼¼¿ä
     
±ÂÀÔ´Ï´Ù
     
·çÆ®´Â Á¢¼Ó ¸øÇÏ°Ô ÇÏ°í À¯Àú¸¦ ´ë½Å Á¢¼ÓÇؼ­ ½ºÀ§ÄªÇ϶õ ¸»¾¸ÀÌÁÒ?
Å丮 2020-08
¹¹ ±âº»ÀûÀ¸·Î.. ¿ÜºÎ Á¢¼ÓÀ» ¿­¾îµÎ¼ËÀ¸´Ï ¸»±×´ë·Î ¹® µÎµå¸®´Â ±æÀ» ¸·À»±æÀº.. Àú¼ö´ÜÀÌ ´ÙÀ̱äÇÕ´Ï´Ù..
°æºñ½Ç(?)¼­¹ö¸¦ ¸¸µé¾î¼­ ÀÎÁõÈÄ ÅëÇϽðŴÏ..
±×·±°Ô °³ÀÎÀ¸·Î½á ÃÖ¼±ÀÌÁÒ¸Ó.. ¹æÈ­º®µµ ¾÷µ¥ÀÌÆ®¿Í À¯·áºñ¿ë»ý°¢Çϸé¿ä..
     
°æºñ½Ç(?)¼­¹ö¸¦ ¸¸µé¾î¼­ ÀÎÁõÈÄ ÅëÇϽðŴÏ.. --> ¿ä°Å ¹æ¹ýÁ»..¾ËÄÑ ÁÖ¼¼¿ä.
          
Å丮 2020-08
±×³É ½±°Ô..ÀÌÇØÇÏ½Ã¸é ¼­¹ö¸¦ Çϳª´õ ¸¸µå½Ã´Â°Ì´Ï´Ù..
±× ¼­¹ö¸¦ ÅëÇؼ­¸é ÇØ´ç º»¼­¹ö¸¦ Á¢¼Ó°¡´ÉÇÏ°í... ¹æÈ­º®°°Àº°ÅÁÒ
°³ÀÎÀÌ ¹æÈ­º®À̳ª ±×·±°Å Çسõ°í °ü¸®Çϱ⹹ÇÏ´Ï;
¼­¹ö¸¦ Á¢¼ÓÇÒ ¹®Áö±â¼­¹ö¸¦ µÎ°í.. ÇØ´ç ¼­¹ö¶ûÀº Á÷Á¢¿¬°á½ÃÄѳõ°í ÇØ´ç ¹®Áö±â¼­¹ö¸¸ °úºÎÈ­ ¹Þ´Â°ÅÁÒ¸Ó;
±×³É¼­¹ö Çϳª´õ ¸¸µå´Â°³³äÀÔ´Ï´Ù.. ¿¬°áÀº ¼­¹ö³¢¸® ¿¬°áÇϽøéµË´Ï´Ù..
±×³É
°£´ÜÇÕ´Ï´Ù
ù°  Ssh  Á¢¼Ó Æ÷Æ®¸¦ ¹Ù²Ù¼¼¿ä
¿¹¸¦µé¸é 8291    ÀÌ·±½ÄÀ¸·Î

µÑ°
³»ºÎ ip¿Í  Á¢¼ÓÇϴ  ƯÁ¤ ip ¿¡¼­¸¸ ssh Á¢¼Ó°¡´ÉÇÏ°Ô ÇÕ´Ï´Ù
     
À§·Î±× º¸½Ã¸é Æ÷Æ® ¹Ù²ã°¡¼Å ½Ãµµ Çϳ׿ä. ±Ùµ¥ ¾Æ¹«µ¥³ª °¡¼­ Á¢¼ÓÇÒ¶§°¡ °¡²û ÀÖ½À´Ï´Ù. ÀÌ·²¶© Á¦°¡ ºÒÆíÇؼ­..^^
          
¹è»ó0¿ø 2020-08
Á¦ °æ¿ì ¿ÜºÎ ±âÁØ 22´Â ³»ºÎÀÇ Å×½ºÆ® ¼­¹ö·Î, 22XX´Â ÁÖ ¼­¹ö·Î ¿¬°áÇØÁÖ¾ú½À´Ï´Ù.
º¸Åë 22¸¦ ¸ÕÀú ±ÜÀ¸´Ï, 22·Î Á¢¼ÓÇؼ­ ÀÌ»óÇÑ ½Ãµµ¸¦ ÇÏ¸é ¹æÈ­º®¿¡ block ip 1ÁÖÀÏ Â¥¸®·Î µî·ÏÇØÁÝ´Ï´Ù.
°¡²û Á¦°¡ ½Ç¼öÇؼ­, ÆùÀÇ lte¸¦ Äѱä ÇÕ´Ï´Ù¸¸ Æ÷Æ®¸¸ ¹Ù²Ù¾îµµ ·Î±×°¡ ÄèûÇϴϱî¿ä.
±èÇö¸° 2020-08
sshÆ÷Æ® º¯°æ¸¸ Çϼŵµ °ÅÀÇ ¾ø¾î Áú²®´Ï´Ù.
     
À§·Î±× º¸½Ã¸é Æ÷Æ® ¹Ù²ã°¡¼Å ½Ãµµ Çϳ׿ä
          
±èÇö¸° 2020-08
±×·¯³×¿ä;;;
Àúµµ °øÀÎip¹Þ¾Æ¾²´Âµ¥ sshÆ÷Æ®¸¸ º¯°æÇß´õ´Ï È®Âá¾î¼­ ±×·¯·Á´Ï Çߴµ¥..
Æ÷Æ®µµ ·£´ýÀ¸·Î Ä¡°í µé¾î¿À³ªº¸±º¿ä
´ë´ÜÇÕ´Ï´Ù ¤§¤§
ÀÎÅͳݻ󿡼­ ÀÌ·±°Ç ±×³É ¹é±×¶ó¿îµå ³ëÀÌÁî¶ó°í ÇÕ´Ï´Ù.
Àü¼¼°è ¸ðµç ipv4 °ø¿ëIP¿¡ ´ëÇؼ­ Æ÷Æ®½ºÄ³´× Çϴ°̴ϴÙ.
´ë»óÀÌ Æ¯Á¤µÈ °Íµµ ¾Æ´Ï°í ±×³É ¹¹µç Çϳª ¾ò¾î°É¸®¶ó°í µ¹¸®´Â °Ì´Ï´Ù.

ssh °³¹æÀ» lan ´ë»óÀ¸·Î¸¸ ÇÏ°í VPN ¿¬°áÇؼ­ Á¢¼ÓÇϼ¼¿ä.
¹Ú°Ç 2020-08
È­ÀÌÆ®¸®½ºÆ®·Î ƯÁ¤ IP·Î¸¸ Á¢±ÙÇϽôø°¡, fail2banÀ¸·Î ÀÏÁ¤ÇÑ ±âÁØ ÀÌ»óÀÇ Á¢¼Ó ½ÇÆд Á¢¼Ó Â÷´ÜÀ» ÇÏ´ø°¡ ÇÒ ¼ö Àְڳ׿ä.
¼úÀÌ 2020-08
¾î¶²Æ÷Æ®¸¦ ¹Ù²Ù´õ¶óµµ °á±¹Àº ã¾Æ³»±¸¿ä ¾Õ´Ü¿¡ ¹æÈ­º®À̳ª ÇÊÅÍ ¹× NAT Æ÷¿öµùÇÏ´Â ¿ªÇÒÇÒ°Ô ÀÖ¾î¾ß µÇ±¸¿ä root¸¦ ¾²µç ¾È¾²´Â Àú°Ô µ¿½Ã´Ù¹ßÀûÀ¸·Î °è¼Ó ½ÃµµÇϱ⠶§¹®¿¡ Æ®·¡ÇÈ ¿µÇâµµ ÀÖ°í Àú ¼¼¼Ç¶§¹®¿¡ ¸ØÄ©¸ØÄ©ÇÏ´Â °æ¿ìµµ »ý±é´Ï´Ù.
VPN ¾²´Â°Ô Á¦ÀÏ È¿À²ÀûÀÔ´Ï´Ù.


QnA
Á¦¸ñPage 927/5680
2015-12   1484004   ¹é¸Þ°¡
2014-05   4947345   Á¤ÀºÁØ1
2021-07   2876   °Å´Ï½ºÆ®
2021-01   2876   CARMEX
2018-12   2876   ÀÌ¿øÀçK
2023-02   2876   devopsman
2023-08   2876   ÇÁ·Î±×·¡¸ÓJ
2021-01   2876   ´ó´óÀÌ
2020-07   2876   DDDIE
2019-05   2876   ºÀ·¡
2019-10   2876   »ç¸·Æë±Ï
2021-03   2876   ÀÚÀ¯°æÀï
2020-03   2876   ÀÌÇÁ¸®Å¸
2019-05   2876   ÇູÇϼ¼
2020-04   2877   »õÃÑ
2018-12   2877   shockwave
2019-01   2877   °³³ä¸·¸·
2019-04   2877   ¶Ñ¶Ñ±è´ë¿ø
2018-11   2877   DDDIE
2020-03   2877   negativete
2019-12   2877   ±Ç¼ø±Ô
2018-10   2877   ÅëÅë9