这样算不算受到攻击了？

zonzi · 发表于 2004-6-5 08:44:12

May 31 22:31:11 localhost proftpd[7265] localhost (170.2.208.supralink.com[216.208.2.170]): FTP session opened.
Jun 02 15:46:01 localhost proftpd[1502] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): FTP session opened.
Jun 02 15:46:03 localhost proftpd[1502] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): no such user 'kamui'
Jun 02 15:46:03 localhost proftpd[1502] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): USER kamui: no such user found from d213-103-220-182.cust.tele2.fr [213.103.220.182] to 80.238.44.191:21
Jun 02 15:47:55 localhost proftpd[1531] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): FTP session opened.
Jun 02 15:47:57 localhost proftpd[1531] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): no such user 'kamui'
Jun 02 15:47:57 localhost proftpd[1531] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): USER kamui: no such user found from d213-103-220-182.cust.tele2.fr [213.103.220.182] to 80.238.44.191:21
Jun 02 15:48:47 localhost proftpd[1534] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): FTP session opened.
Jun 02 15:48:49 localhost proftpd[1534] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): no such user 'kamui'
Jun 02 15:48:49 localhost proftpd[1534] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): USER kamui: no such user found from d213-103-220-182.cust.tele2.fr [213.103.220.182] to 80.238.44.191:21
Jun 02 15:50:02 localhost proftpd[1539] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): FTP session opened.
Jun 02 15:50:04 localhost proftpd[1539] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): no such user 'kamui'
Jun 02 15:50:04 localhost proftpd[1539] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): USER kamui: no such user found from d213-103-220-182.cust.tele2.fr [213.103.220.182] to 80.238.44.191:21
Jun 02 15:50:07 localhost proftpd[1540] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): FTP session opened.
Jun 02 15:50:09 localhost proftpd[1540] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): no such user 'kamui'
Jun 02 15:50:09 localhost proftpd[1540] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): USER kamui: no such user found from d213-103-220-182.cust.tele2.fr [213.103.220.182] to 80.238.44.191:21
Jun 02 15:51:18 localhost proftpd[1541] localhost (TVT-CaTV-dhcp-44-79.urbanet.ch[80.238.44.79]): FTP session opened.
Jun 02 15:51:18 localhost proftpd[1541] localhost (TVT-CaTV-dhcp-44-79.urbanet.ch[80.238.44.79]): no such user 'kamui'
Jun 02 15:51:18 localhost proftpd[1541] localhost (TVT-CaTV-dhcp-44-79.urbanet.ch[80.238.44.79]): USER kamui: no such user found from TVT-CaTV-dhcp-44-79.urbanet.ch [80.238.44.79] to 80.238.44.191:21
Jun 02 15:51:38 localhost proftpd[1542] localhost (TVT-CaTV-dhcp-44-79.urbanet.ch[80.238.44.79]): FTP session opened.
Jun 02 15:51:38 localhost proftpd[1542] localhost (TVT-CaTV-dhcp-44-79.urbanet.ch[80.238.44.79]): no such user 'kamui'
Jun 02 15:51:38 localhost proftpd[1542] localhost (TVT-CaTV-dhcp-44-79.urbanet.ch[80.238.44.79]): USER kamui: no such user found from TVT-CaTV-dhcp-44-79.urbanet.ch [80.238.44.79] to 80.238.44.191:21
Jun 02 15:53:17 localhost proftpd[1543] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): FTP session opened.
Jun 02 15:53:19 localhost proftpd[1543] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): no such user 'kamui'
Jun 02 15:53:19 localhost proftpd[1543] localhost (d213-103-220-182.cust.tele2.fr[213.103.220.182]): USER kamui: no such user found from d213-103-220-182.cust.tele2.fr [213.103.220.182] to 80.238.44.191:21
Jun 02 23:15:32 localhost proftpd[2462] localhost (d80-170-160-105.cust.tele2.fr[80.170.160.105]): FTP session opened.
Jun 02 23:15:33 localhost proftpd[2462] localhost (d80-170-160-105.cust.tele2.fr[80.170.160.105]): no such user 'kamui'
Jun 02 23:15:33 localhost proftpd[2462] localhost (d80-170-160-105.cust.tele2.fr[80.170.160.105]): USER kamui: no such user found from d80-170-160-105.cust.tele2.fr [80.170.160.105] to 80.238.44.191:21
Jun 03 00:41:45 localhost proftpd[2498] localhost (d80-170-160-105.cust.tele2.fr[80.170.160.105]): FTP session opened.
Jun 03 00:41:45 localhost proftpd[2498] localhost (d80-170-160-105.cust.tele2.fr[80.170.160.105]): no such user 'kamui'
Jun 03 00:41:45 localhost proftpd[2498] localhost (d80-170-160-105.cust.tele2.fr[80.170.160.105]): USER kamui: no such user found from d80-170-160-105.cust.tele2.fr [80.170.160.105] to 80.238.44.191:21

**********************************************************************

i)用的是dynamic ip
ii) 绝对没有过kamui这个帐户
iii)那个人显然不是用我的ftp来下载文件的，至少从来没用过anonymous登陆
iv)今天ip很奇怪:xxx.219.xxx.1
谁能告诉我他怎么找到我的ip的？
是不是那个人准备攻击我？
怎么防范他的攻击？
如果设置一下iptables会不会好些？
还有一个怪问题
May 31 22:31:11 localhost proftpd[7265]: warning: can't verify hostname: gethostbyname(170.2.208.supralink.com) failed
是什么意思？
多谢帮助！！！！！

Snoopy · 发表于 2004-6-5 17:27:45

可能是在测试你的ftp用户密码

smile787 · 发表于 2004-6-5 18:21:25

不知道频率高否?可能想豪你的资源,

zonzi · 发表于 2004-6-5 19:38:22

最初由 pinksnoopy 发表
可能是在测试你的ftp用户密码

为什么要测试我的用户密码？
现在看到好几台机器都有这种情况（不同地方的....)

Snoopy · 发表于 2004-6-5 20:31:37

我的猜测是这样的,人家用字典在跑你的密码,

因为你的用户不存在,速度非常快的话,应该是攻击,不过可能性不高

faint · 发表于 2004-6-7 11:46:10

有人在扫描你:-)

dancingpig · 发表于 2004-6-7 14:54:51

很多人喜欢找匿名或者容易登陆的ftp，放东西

zonzi · 发表于 2004-6-7 15:49:17

请问他是怎么找到我的？

Snoopy · 发表于 2004-6-7 16:41:31

人家扫ftp时,先扫些有谁开ftp服务,再进行creck密码或是攻击

当然你就被人扫到开ftp了

zonzi · 发表于 2004-6-7 16:56:26

不过看上去方法很菜，估计那个ip地址是他的真实ip地址........

		自动登录	找回密码
密码			注册