
Hacker IP log

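221.236.12.33  Chengdu, Sichuan Province, China Telecom

This hacker tested with logins and passwords commonly used by Chinese people. But with my passwords it would normally take up to 300 years to test them all, so many hackers usually leave not long after they start attacking. So I plan to make the password two characters longer and add upper- and lower-case English letters, which would take up to 70 million years to crack. I estimate that even an American supercomputer would need that long, so do ordinary hackers have that much time?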
  1. 3456 [Sep  6 07:45:52] NOTICE[20066] chan_sip.c: Registration from '"590940371"<sip:590940371@58.61.13.212>' failed for '221.236.12.33' - No matching peer found

  2. 24300 [Sep  6 08:00:33] NOTICE[20066] chan_sip.c: Registration from '"3002" <sip:3002@58.61.13.212>' failed for '221.236.12.33' - Wrong password
This hacker spent 15 minutes attacking my Asterisk server. Before that, a hacker from Croatia spent 2 hours.


Two more new hackers visited: one from Russia and one from Switzerland. I think they just scanned randomly, tried only once and gave up.

62.152.60.70:5191 from Russia

82.220.3.13:5145 from Switzerland

Interestingly and unanimously, these 2 hackers themselves are not using the default UDP port 5060.

TOP

Going through the hassle once settles it for good; it is worth it.

TOP

It is quite a hassle though; I have to reorder the firewall rules.

TOP

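Haha! An impregnable fortress.

Unless these hackers switch service provider and get another ISP's IP ranges, they really cannot find a way in.
Of course, they could also hijack some third party's IP and break in from there, but by the usual logic of taking the easy route rather than the hard one, it is really not worth their while to do that much against ordinary people like us just to be able to make a phone call. Unless we have something very attractive that gives them a reason why they must get in!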

Good measures.

TOP

Reply to 24# bubblestar

After some manipulation, I have made my firewall rules in the routers. Always remember to drop unwanted connections first, before allow/accept.

My setup is as follows:

screenshot.21-01-2011 06.59.13.jpg

TOP

Reply to 23# ckleea

On the right hand side, you can see some familiar hackers' names who might have visited you before.

TOP

Reply to 22# bubblestar

Very interesting site with information about complaints about an IP or web host.

TOP

Some active Asterisk brute-force hackers can be found here:

http://www.ipillion.com/ip/64.156.192.26

TOP

The Hackers' IP ranges that I experienced or through the members here are as below: In view of above  ...
bubblestar posted on 2011-1-19 15:32



A few more in my list
79.114.199.69
64.156.192.26
202.129.0.9

TOP

This post was last edited by bubblestar on 2011-1-19 15:37

The Hackers' IP ranges that I experienced or through the members here are as below:
  1. China Unicom Shandong                 119.176.0.0 - 119.191.255.255
  2. China Chinanet Anhui                  60.166.0.0 - 60.175.255.255
  3. China Tianjin Anteinfo                202.99.121.0 - 202.99.121.255
  4. Netherlands NL Leaseweb               95.211.0.0 - 95.211.255.255
  5. UNKNOWN THEPLANET                     174.132.0.0 - 174.133.255.255
  6. Korea HANANET                         222.232.0.0 - 222.239.255.255
  7. China CHINANET-Jiangsu                202.102.0.0 - 202.102.127.255
  8. UK iDealhosting                       95.154.248.0 - 95.154.251.255
  9. Middle-East Palestine                 188.161.128.0 - 188.161.255.255
In view of the above record, more than 44% of the hackers' IPs come from China.  HOW BAD they are.

I block all these IP ranges without ANY hesitation.  If any of you have friends or relatives who use these service providers, you may adjust and fine-tune the ranges yourselves.  Otherwise, your contact with them may become disconnected.

TOP
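
An added example, not part of any member's post: it tallies failed chan_sip registrations from log lines in the format quoted in the first post and lists the source IPs that the blocked ranges do not cover yet, converting four of the nine listed start-end ranges to CIDR for firewalls that expect that form. The function names and the third sample log line are constructed for this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, summarize_address_range

# Four of the nine ranges listed in the post above, as (start, end).
RANGES = [
    ("119.176.0.0", "119.191.255.255"),
    ("60.166.0.0", "60.175.255.255"),
    ("95.154.248.0", "95.154.251.255"),
    ("188.161.128.0", "188.161.255.255"),
]

# chan_sip lines in the format quoted in the first post; line 3 is constructed.
SAMPLE_LOG = """\
[Sep  6 07:45:52] NOTICE[20066] chan_sip.c: Registration from '"590940371"<sip:590940371@58.61.13.212>' failed for '221.236.12.33' - No matching peer found
[Sep  6 08:00:33] NOTICE[20066] chan_sip.c: Registration from '"3002" <sip:3002@58.61.13.212>' failed for '221.236.12.33' - Wrong password
[Sep  6 08:01:10] NOTICE[20066] chan_sip.c: Registration from '"100" <sip:100@58.61.13.212>' failed for '188.161.208.1' - Wrong password
"""

# Some Asterisk versions log 'ip:port', so the port is optional here.
FAILED = re.compile(
    r"Registration from '(?P<who>.*)' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.+)$"
)

def blocked_networks(ranges=RANGES):
    """Turn start-end ranges into the minimal list of CIDR networks."""
    nets = []
    for start, end in ranges:
        nets.extend(summarize_address_range(ip_address(start), ip_address(end)))
    return nets

def failed_registrations(log_text):
    """Count failed REGISTER attempts per (source IP, failure reason)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[(m.group("ip"), m.group("reason").strip())] += 1
    return counts

def uncovered_sources(log_text, ranges=RANGES):
    """Source IPs with failed registrations that no blocked range covers."""
    nets = blocked_networks(ranges)
    ips = {ip for ip, _ in failed_registrations(log_text)}
    return sorted(ip for ip in ips if not any(ip_address(ip) in n for n in nets))

if __name__ == "__main__":
    print([str(n) for n in blocked_networks()])
    print(uncovered_sources(SAMPLE_LOG))
```
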

Reply to 18# bubblestar

Please consolidate the hackers' IPs here, both for alertness and for adoption into our firewall rules.

TOP

I think it is also better to enable the DoS defence feature to avoid flooding attacks.

TOP

Me too.  Once I was attacked by one of the IPs in a range, I would block the whole IP range through my router settings.
My router can block a total of 256 IP ranges.  Now I've used just 9 IP ranges, so there is still plenty of room to keep following this policy.  Above all, I am 100% sure I don't need to communicate with any of these IP addresses.

TOP

I have taken a very aggressive approach and blocked a range of IPs from 188.161.208.1 - 188.161.211.254

TOP
