
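Title: Hacker IP log

Author: 角色    Time: 2010-9-6 08:36     Title: Hacker IP log

221.236.12.33  Chengdu, Sichuan Province, China Telecom

This hacker tested with logins and passwords commonly used by Chinese people. But since my passwords would normally take up to 300 years to work out by testing, many hackers generally leave after attacking for only a short time. So I am planning to lengthen the passwords by another two characters and add upper- and lower-case English letters, so that they take up to 70 million years to crack. I estimate that even an American supercomputer would need that long, so would ordinary hackers have that much time?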
  1. 3456 [Sep  6 07:45:52] NOTICE[20066] chan_sip.c: Registration from '"590940371"<sip:590940371@58.61.13.212>' failed for '221.236.12.33' - No matching peer found

  2. 24300 [Sep  6 08:00:33] NOTICE[20066] chan_sip.c: Registration from '"3002" <sip:3002@58.61.13.212>' failed for '221.236.12.33' - Wrong password
This hacker spent 15 minutes attacking my Asterisk server. Before that, a hacker from Croatia spent 2 hours.


角色
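Author: lttliang    Time: 2010-9-6 10:39

221.236.12.33  Chengdu, Sichuan Province, China Telecom

This hacker tested with logins and passwords commonly used by Chinese people. But since my passw ...
角色 posted on 2010-9-6 08:36



    Someone from Sichuan again...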
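Author: lttliang    Time: 2010-9-6 12:29

221.236.12.33  Chengdu, Sichuan Province, China Telecom

This hacker tested with logins and passwords commonly used by Chinese people. But since my passw ...
角色 posted on 2010-9-6 08:36



    What command do you use, and where can this information be seen?
Author: 角色    Time: 2010-9-6 13:35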

vi /var/log/asterisk/messages
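
An added example, not part of any post in this thread: a Python script that tallies the failed-registration NOTICE lines found in /var/log/asterisk/messages by source IP and lists the extensions that drew "Wrong password", which means the guessed extension exists on the server. The function name, the `year` parameter and the two sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines 1, 3 and 4 are quoted in this thread; lines 2 and 5 are constructed
# for illustration (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
[Sep  6 07:45:52] NOTICE[20066] chan_sip.c: Registration from '"590940371"<sip:590940371@58.61.13.212>' failed for '221.236.12.33' - No matching peer found
[Sep  6 07:52:10] NOTICE[20066] chan_sip.c: Registration from '"3001" <sip:3001@58.61.13.212>' failed for '221.236.12.33' - No matching peer found
[Sep  6 08:00:33] NOTICE[20066] chan_sip.c: Registration from '"3002" <sip:3002@58.61.13.212>' failed for '221.236.12.33' - Wrong password
[Sep  8 21:08:20] NOTICE[7344] chan_sip.c: Registration from '"465708066"<sip:465708066@116.25.174.173>' failed for '89.115.178.75' - No matching peer found
[Sep  9 10:00:00] NOTICE[7344] chan_sip.c: Registration from '"100" <sip:100@58.61.13.212>' failed for '192.0.2.10:5191' - Wrong password
"""

# The source may be logged as 'ip' or 'ip:port' (IPv4 assumed); the port is dropped.
FAILED_RE = re.compile(
    r"\[(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '[^']*<sip:(?P<ext>[^@>']+)@[^']*' "
    r"failed for '(?P<src>[^':]+)(?::\d+)?' - (?P<reason>.+?)\s*$"
)

def summarize(log_text, year=2010):
    """Group failed REGISTERs by source IP. Syslog timestamps carry no year, so one is passed in."""
    by_src = defaultdict(lambda: {"n": 0, "exts": set(), "valid": set(), "times": []})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        rec = by_src[m["src"]]
        rec["n"] += 1
        rec["exts"].add(m["ext"])
        # "Wrong password" means the extension exists on this server:
        # the name was guessed correctly and only the secret held.
        if m["reason"] == "Wrong password":
            rec["valid"].add(m["ext"])
        rec["times"].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    return {
        src: {"attempts": r["n"],
              "extensions": sorted(r["exts"]),
              "valid_extensions": sorted(r["valid"]),
              "duration_s": int((max(r["times"]) - min(r["times"])).total_seconds())}
        for src, r in by_src.items()
    }

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```

Any extension that appears under `valid_extensions` is one whose secret is now the only remaining barrier, so it is the first candidate for a longer password.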
Author: Qnewbie    Time: 2010-9-6 15:50

Another one trying to break into my non-existing ftp server for the third time today. Poor hacker

It tries to login one time per second. For 12 digit password with alphabets and numbers, i.e., the hacker needs (26X2+10)^12/(60X60X24X365)=102,304,247,919,771 years. Good luck!
Author: ckleea    Time: 2010-9-6 16:19

Reply to 5# Qnewbie


    It also depends on what the hacker uses. Sometimes, they have a robot to generate passwords within a very short time. However, if it is from a casual person, the trial and error will be much slower, with only a few attempts.
Author: 角色    Time: 2010-9-6 17:55

Even though hackers use a robot (machine) to generate password patterns, the frequency of password hacking will not be very high. As a result, a 10-16 digit long password should be good enough to reduce the chances of being hacked.

YH
Author: 角色    Time: 2010-9-9 08:35

IP:183.38.120.228 Guangdong Province, China Telecom
  1. [Sep  9 08:28:36] NOTICE[3157] chan_sip.c: Registration from '"1475489026"<sip:1475489026@183.38.120.228>' failed for '115.238.28.151' - No matching peer found
  2. [Sep  9 08:29:24] NOTICE[3157] chan_sip.c: Registration from '"3712696007"<sip:3712696007@183.38.120.228>' failed for '115.238.28.151' - No matching peer found
I don't know whether it is because I added alwaysauthreject=yes, but fewer people keep coming to hack.


角色
Author: 角色    Time: 2010-9-9 08:37

IP:116.25.174.173 Shenzhen, Guangdong Province, China Telecom
  1. [Sep  8 21:08:20] NOTICE[7344] chan_sip.c: Registration from '"465708066"<sip:465708066@116.25.174.173>' failed for '89.115.178.75' - No matching peer found
Left as soon as the first attempt failed.

角色
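Author: bubblestar    Time: 2010-9-9 09:15

You used the IP-01 before, and its default is also alwaysauthreject=yes, so why would there be a difference from now?  Maybe the hackers are different people, so they have different levels of patience.
Author: 角色    Time: 2010-9-9 09:56

On my earlier D510MO Asterisk server, I added all the settings by hand myself, so nothing was set automatically, which is why it attracted more people to hack it. Since I recently added alwaysauthreject=yes, there seem to be fewer people hacking, but I need to observe for longer before I know the result.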


角色
Author: bubblestar    Time: 2010-9-10 14:27

This post was last edited by bubblestar on 2010-9-10 14:38

Below is an email conversation between a blogger and Chris Lyman, the former CEO of Fonality, the makers of trixbox IP-PBX systems.

Cracking IP-PBX SIP Passwords - Be Afraid!

You can get some more ideas and this is good for thought.


10 Rules You Should Follow
Author: 角色    Time: 2010-9-10 14:54

Thanks for the information, bubblestar.

角色
Author: ckleea    Time: 2010-9-10 15:13

Reply to 12# bubblestar


    Thanks for the useful information
Author: ckleea    Time: 2011-1-17 09:21

A new one from 188.161.208.16

IP         :        188.161.208.16             Neighborhood
Host         :        ?   
Country         :        Palestinian Territory, Occupied
Author: ckleea    Time: 2011-1-18 20:52

I have made a very aggressive approach to block a range of IPs from 188.161.208.1 - 188.161.211.254
Author: bubblestar    Time: 2011-1-18 22:02

Me too.  Once I was attacked by one of the IPs in the range, I would block the whole IP range through my router settings.
My router can block a total of 256 IP ranges.  Now I've just used 9 IP ranges.  Still have much room to adopt this policy.  Above all, I am 100% sure I don't need to communicate with any of these IP addresses.
Author: bubblestar    Time: 2011-1-18 22:04

I think it is also better to enable the DoS defend feature to avoid flooding attacks.
Author: ckleea    Time: 2011-1-19 10:26

Reply to 18# bubblestar

Please consolidate the hackers' IPs here for both alertness and adoption into our firewall rules.
Author: bubblestar    Time: 2011-1-19 15:32

This post was last edited by bubblestar on 2011-1-19 15:37

The Hackers' IP ranges that I experienced or through the members here are as below:
  1. China Unicom Shandong                 119.176.0.0 - 119.191.255.255
  2. China Chinanet Anhui                  60.166.0.0 - 60.175.255.255
  3. China Tianjin Anteinfo                202.99.121.0 - 202.99.121.255
  4. Netherlands NL Leaseweb               95.211.0.0 - 95.211.255.255
  5. UNKNOWN THEPLANET                     174.132.0.0 - 174.133.255.255
  6. Korea HANANET                         222.232.0.0 - 222.239.255.255
  7. China CHINANET-Jiangsu                202.102.0.0 - 202.102.127.255
  8. UK iDealhosting                       95.154.248.0 - 95.154.251.255
  9. Middle-East Palestine                 188.161.128.0 - 188.161.255.255
In view of the above record, more than 44% of the hackers' IPs come from China.  HOW BAD they are.  

I block all these IP ranges without ANY hesitation.  If any of you have some friends or relatives coming from these Service Providers, you may adjust and fine-tune by yourselves.  Otherwise, your contact with them may become disconnected.
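
An added example, not part of the original post: the ranges listed above converted to CIDR blocks with Python's `ipaddress` module, then used to check which source addresses reported in this thread the list actually covers and how many addresses it blocks in total. The function names are assumptions.

```python
import ipaddress

# Start-end ranges exactly as listed in the post above.
RANGES = [
    ("119.176.0.0", "119.191.255.255"),
    ("60.166.0.0", "60.175.255.255"),
    ("202.99.121.0", "202.99.121.255"),
    ("95.211.0.0", "95.211.255.255"),
    ("174.132.0.0", "174.133.255.255"),
    ("222.232.0.0", "222.239.255.255"),
    ("202.102.0.0", "202.102.127.255"),
    ("95.154.248.0", "95.154.251.255"),
    ("188.161.128.0", "188.161.255.255"),
]

# Source addresses reported elsewhere in this thread.
OBSERVED = ["221.236.12.33", "115.238.28.151", "89.115.178.75",
            "188.161.208.16", "79.114.199.69", "64.156.192.26",
            "202.129.0.9", "62.152.60.70", "82.220.3.13"]

def to_cidrs(ranges):
    """Convert inclusive start-end ranges into a minimal list of CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    # Merge blocks that are adjacent or overlapping across entries.
    return list(ipaddress.collapse_addresses(nets))

def total_addresses(cidrs):
    """Number of addresses the block list denies; a measure of collateral."""
    return sum(n.num_addresses for n in cidrs)

def coverage(ips, cidrs):
    """Map each address to the block covering it (as text), or None."""
    out = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        block = next((n for n in cidrs if addr in n), None)
        out[ip] = str(block) if block is not None else None
    return out

if __name__ == "__main__":
    cidrs = to_cidrs(RANGES)
    print(len(cidrs), "blocks,", total_addresses(cidrs), "addresses")
    for ip, block in coverage(OBSERVED, cidrs).items():
        print(ip, "->", block or "not covered")
```

A range that does not start and end on a power-of-two boundary, such as 60.166.0.0 - 60.175.255.255, needs more than one CIDR block.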
Author: ckleea    Time: 2011-1-19 16:24

The Hackers' IP ranges that I experienced or through the members here are as below: In view of above  ...
bubblestar posted on 2011-1-19 15:32



A few more in my list
79.114.199.69
64.156.192.26
202.129.0.9
Author: bubblestar    Time: 2011-1-19 17:15

Some active Asterisk brute-force hackers can be found here

http://www.ipillion.com/ip/64.156.192.26
Author: ckleea    Time: 2011-1-19 19:16

Reply to 22# bubblestar


    Very interesting site with information about complaints of an IP or webhost
Author: bubblestar    Time: 2011-1-19 20:48

Reply to 23# ckleea


   
On the right hand side, you can see some familiar hackers' names who might have visited you before.
Author: ckleea    Time: 2011-1-21 07:06

Reply to 24# bubblestar

After some manipulation, I have made my firewall rules in the routers. Always remember to drop unwanted connections first, before allow/accept.

My setup is as follows:

Image attachment: [Firewall setting] screenshot.21-01-2011 06.59.13.jpg (2011-1-21 07:06, 296.23 KB)

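Author: bubblestar    Time: 2011-1-21 10:07

Haha! An impregnable fortress.

Unless these hackers switch Service Provider and get another ISP's set of IP ranges, they really have no way in.
Of course, they could still hijack some third party's IP and intrude again, but by the usual logic of going for easy targets rather than hard ones, it is really not worth their doing so much against ordinary people like us just to be able to make a phone call. Unless we have something very attractive that gives them a reason they simply must get in!

Good measures.
Author: ckleea    Time: 2011-1-21 10:14

It is quite a hassle though, having to reorder the firewall rules
Author: bubblestar    Time: 2011-1-21 10:24

A one-time hassle that settles it once and for all; it's worth it.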
Author: bubblestar    Time: 2011-2-2 21:29

2 more new hackers' visits.  One from Russia and one from Switzerland.  I think they just scan randomly and tried only once and waived.

62.152.60.70:5191 from Russia

82.220.3.13:5145 from Switzerland

Interestingly and unanimously, these 2 hackers themselves are not using the default UDP port 5060.




Welcome to 電訊茶室 (http://telecom-cafe.com/forum/) Powered by Discuz! 7.2