трудяги...

Nov. 10th, 2012 08:44 pm
sfy: (Default)
[personal profile] sfy
Ломают типа. Кулхацкеры

System Log

Date/Time Facility Severity Message
Nov 10 17:05:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=91.220.230.24 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=3032 DF PROTO=TCP SPT=52055 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 17:15:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=31.181.51.223 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=22342 DF PROTO=TCP SPT=54207 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 17:19:32 syslog info -- MARK --
Nov 10 17:25:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=46.229.141.93 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=17904 DF PROTO=TCP SPT=6235 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 17:35:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=46.36.12.121 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=24395 DF PROTO=TCP SPT=57641 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 17:45:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=95.220.214.192 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=14286 DF PROTO=TCP SPT=55095 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 17:55:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=5.53.17.84 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=23650 DF PROTO=TCP SPT=50198 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 18:05:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=5.167.129.74 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=31197 DF PROTO=TCP SPT=1053 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 10 18:15:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=77.247.239.244 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x80 TTL=121 ID=30920 DF PROTO=TCP SPT=57864 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 18:19:32 syslog info -- MARK --
Nov 10 18:25:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=217.118.95.74 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=3447 DF PROTO=TCP SPT=49731 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 18:35:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=176.62.248.7 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=26417 DF PROTO=TCP SPT=58160 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 18:39:05 user warn dnsprobe[576]: dns query failed
Nov 10 18:45:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=188.237.167.77 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=41269 DF PROTO=TCP SPT=3099 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 10 18:55:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=213.111.132.123 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=5809 DF PROTO=TCP SPT=59279 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 19:05:58 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=91.226.142.235 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=40450 DF PROTO=TCP SPT=3754 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 10 19:15:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=95.165.205.50 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=16726 DF PROTO=TCP SPT=58560 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 10 19:19:33 syslog info -- MARK --
Nov 10 19:25:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=37.76.149.22 DST=95.72.63.233 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=6526 DF PROTO=TCP SPT=1708 DPT=47400 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 10 19:35:59 user alert kernel: Intrusion -> IN=ppp_0_0_35_1 OUT= MAC= SRC=79.165.249.232 DST=95.72.63.233 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=17650 DF PROTO=TCP SPT=65474 DPT=6881 WINDOW=8192 RES=0x00 SYN URGP=0
 

 


  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2012-11-11 11:54 am (UTC)
dil: (Default)
From: [personal profile] dil
[telepathy mode on]
это у тебя битторрент на порту 6881 живёт?
[telepathy mode off]

Date: 2012-11-11 12:15 pm (UTC)
sfy: (Default)
From: [personal profile] sfy
Не-а. Торрент у меня вручную запускается,

Активные подключения

Имя Локальный адрес Внешний адрес Состояние
TCP 127.0.0.1:5550 sfy-Home:65283 ESTABLISHED
TCP 127.0.0.1:49164 sfy-Home:49165 ESTABLISHED
TCP 127.0.0.1:49165 sfy-Home:49164 ESTABLISHED
TCP 127.0.0.1:53358 sfy-Home:53359 ESTABLISHED
TCP 127.0.0.1:53359 sfy-Home:53358 ESTABLISHED
TCP 127.0.0.1:65283 sfy-Home:5550 ESTABLISHED
TCP 192.168.1.163:49155 173.194.35.224:https ESTABLISHED
TCP 192.168.1.163:49162 80-239-254-33:http TIME_WAIT
TCP 192.168.1.163:49164 80-239-254-35:http TIME_WAIT
TCP 192.168.1.163:49166 173.194.35.239:https ESTABLISHED
TCP 192.168.1.163:49169 85:http TIME_WAIT
TCP 192.168.1.163:49170 173.194.35.227:http TIME_WAIT
TCP 192.168.1.163:49172 85:http TIME_WAIT
TCP 192.168.1.163:49174 80-239-254-10:http TIME_WAIT
TCP 192.168.1.163:49175 cache:https TIME_WAIT
TCP 192.168.1.163:49176 cache:https ESTABLISHED
TCP 192.168.1.163:49177 mail:https TIME_WAIT
TCP 192.168.1.163:49178 channel-ecmp-05-ash3:http ESTABLISHED
TCP 192.168.1.163:49179 r:https ESTABLISHED
TCP 192.168.1.163:49186 dreamwidth:http TIME_WAIT
TCP 192.168.1.163:61130 173.194.35.224:http CLOSE_WAIT
TCP 192.168.1.163:65182 xiva-daria:https ESTABLISHED
TCP 192.168.1.163:65226 157.55.56.145:40020 ESTABLISHED
TCP 192.168.1.163:65228 db3msgr6011409:https ESTABLISHED
TCP 192.168.1.163:65242 91.190.218.53:12350 ESTABLISHED
TCP 192.168.1.163:65247 jabber-03-01-snc6:5222 ESTABLISHED
TCP 192.168.1.163:65285 push:5222 ESTABLISHED
TCP 192.168.1.163:65449 www-01-02-ams2:http TIME_WAIT
TCP 192.168.1.163:65450 channel-ecmp-05-ash3:http TIME_WAIT
^C

Date: 2012-11-13 01:23 pm (UTC)
dil: (Default)
From: [personal profile] dil
А что у тебя тогда живёт на этотм 6881 порту, что все туда ломятся?

Date: 2012-11-13 01:31 pm (UTC)
sfy: (Default)
From: [personal profile] sfy
А вот это - ХЗ.
> ps
PID Uid VmSize Stat Command
1 admin 136 S init
2 admin SWN [ksoftirqd/0]
3 admin SW< [events/0]
4 admin SW< [khelper]
5 admin SW< [kblockd/0]
6 admin SW [pdflush]
7 admin SW [pdflush]
8 admin SW [kswapd0]
9 admin SW< [aio/0]
10 admin SW [mtdblockd]
17 admin 164 S -sh
51 admin 240 S cfm
151 admin 128 S pvc2684d
228 admin 224 S dhcpd
259 admin 168 S syslogd -C -l 7
262 admin 144 S klogd
264 admin 148 S sntp -s clock.fmt.he.net -s time.nist.gov -t Baghdad
275 admin 436 S httpd
279 admin 296 S pppd plugin pppoe nas_0_0_35 nodetach user 286302_R p
576 admin 148 S /bin/dnsprobe
580 admin 184 S upnp -L br0 -W ppp_0_0_35_1 -D
4193 admin 364 S telnetd
4194 admin 532 S telnetd
4209 admin 248 S sh -c ps
4210 admin 248 R ps
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

sfy: (Default)
sfy

December 2013

S M T W T F S
1234567
891011121314
15161718192021
22232425262728
2930 31    

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 25th, 2026 09:02 pm
Powered by Dreamwidth Studios