Hacker en action

Posté par Cedric, le 03/04/2008 - Technologie

Pour ceux qui se demandent à quoi ressemble concrètement une attaque de hacker, voici un exemple simple.

A la commande suivante:

tail -200 /var/log/auth.log

Votre serveur Linux vous répond:

Apr  3 05:13:30 xxxxxx sshd[18197]: Invalid user dustin from 217.199.178.44
Apr  3 05:13:30 xxxxxx sshd[18200]: Invalid user dusty from 217.199.178.44
Apr  3 05:13:31 xxxxxx sshd[18203]: Invalid user joey from 217.199.178.44
Apr  3 05:13:31 xxxxxx sshd[18207]: Invalid user hirano from 217.199.178.44
Apr  3 05:13:31 xxxxxx sshd[18209]: Invalid user piranha from 217.199.178.44
Apr  3 05:13:31 xxxxxx sshd[18211]: Invalid user kobayashi from 217.199.178.44
Apr  3 05:13:31 xxxxxx sshd[18213]: Invalid user nishimura from 217.199.178.44
Apr  3 05:13:32 xxxxxx sshd[18215]: Invalid user nishida from 217.199.178.44
Apr  3 05:13:32 xxxxxx sshd[18217]: Invalid user ishihara from 217.199.178.44
Apr  3 05:13:32 xxxxxx sshd[18219]: Invalid user watanabe from 217.199.178.44
Apr  3 05:13:32 xxxxxx sshd[18223]: Invalid user glenn from 217.199.178.44
Apr  3 05:13:32 xxxxxx sshd[18227]: Invalid user hasegawa from 217.199.178.44
Apr  3 05:13:33 xxxxxx sshd[18229]: Invalid user suzuki from 217.199.178.44
Apr  3 05:13:33 xxxxxx sshd[18233]: Invalid user shimizu from 217.199.178.44
Apr  3 05:13:33 xxxxxx sshd[18236]: Invalid user wada from 217.199.178.44
Apr  3 05:13:33 xxxxxx sshd[18238]: Invalid user miyazaki from 217.199.178.44
Apr  3 05:13:33 xxxxxx sshd[18240]: Invalid user nakao from 217.199.178.44
Apr  3 05:13:33 xxxxxx sshd[18242]: Invalid user azuma from 217.199.178.44
Apr  3 05:13:34 xxxxxx sshd[18246]: Invalid user akiyama from 217.199.178.44
Apr  3 05:13:34 xxxxxx sshd[18248]: Invalid user katayama from 217.199.178.44
Apr  3 05:13:34 xxxxxx sshd[18252]: Invalid user kn from 217.199.178.44
Apr  3 05:13:35 xxxxxx sshd[18254]: Invalid user test from 217.199.178.44
Apr  3 05:13:35 xxxxxx sshd[18256]: Invalid user serwis from 217.199.178.44
Apr  3 05:13:35 xxxxxx sshd[18258]: Invalid user crowley from 217.199.178.44
Apr  3 05:13:35 xxxxxx sshd[18260]: Invalid user tomek from 217.199.178.44
Apr  3 05:13:35 xxxxxx sshd[18262]: Invalid user gizmo from 217.199.178.44
Apr  3 05:13:36 xxxxxx sshd[18264]: Invalid user zabbix from 217.199.178.44
Apr  3 05:13:36 xxxxxx sshd[18266]: Invalid user adsl from 217.199.178.44
Apr  3 05:13:36 xxxxxx sshd[18270]: Invalid user exam from 217.199.178.44
Apr  3 05:13:36 xxxxxx sshd[18272]: Invalid user puma from 217.199.178.44

En bon francais, ces lignes signifient qu'un programme pirate a pris possession d'un ordinateur et lance depuis cette adresse une série de tentative de connexion au serveur (en utilisant différents login, comme glen ou suzuki). Si vous êtes administrateur, il y a différents moyens de bloquer ce genre de tentatative. Comme elles se concentrent sur le port 22 (SSH), on peut utiliser un port non-conventionnel pour le SSH (c'est bête mais ca marche diablement bien), ou, plus classique, on peut logger ces tentatives infructueuses et blacklister totalement toute connection TCP avec cette IP pendant un certain temps avec Iptables. Cette série de scripts fait cela très bien.

tags: hacking, linux

A lire aussi: Comments Commentaires
Tu as fail2ban qui contre ce genre d'attaque.
http://www.fail2ban.org

Posted by [MA]Pascal on 29/04/2008

thank you! I like this news, I also have information to share, here is my message.
mbt mbt mbt 靴 mbt 靴 mbtシューズ mbt シューズ

Posted by mbt on 08/07/2010

2010 new styles A-line Wedding Dresses,Beach Wedding Dresses,Evening Dresses,Prom Dresses on sale
evening dresses
Prom dresses
wedding dresses
on best wedding dresses for 2009 and 2010. You can find latest collection of woman's dresses and casual dresses on this site
discount Prom dresses

Posted by dress on 13/07/2010

Nike Air Zoom Flight Club
Nike Air Zoom BB Low
Nike Zoom BB II
Nike Zoom Blur

Posted by nike shoes on sale on 21/07/2010

Ajouter un commentaire