Tweet
เค้าคือใครครับ แล้วเค้าพยายามเข้ามาเอาอะไรครับ 109.127.25.204 ลอง trace ดูแล้ว มาจากอาเซอไบจัน แล้ว firewall ดรอป package แบบนี้ปกติหรือเปล่า
ขอบคุณล่วงหน้าค๊าบบบ
Feb 8 13:07:28 hour monitor: daemon is starting
Feb 8 13:07:31 dropbear[11180]: Child connection from 109.127.25.204:49474
Feb 8 13:07:37 dropbear[11180]: Password auth succeeded for 'admin' from 109.127.25.204:49474
Feb 8 13:08:21 dropbear[11249]: Running in background
Feb 8 13:08:48 dropbear[11301]: Child connection from 109.127.25.204:53273
Feb 8 13:08:53 dropbear[11301]: Password auth succeeded for 'admin' from 109.127.25.204:53273
Feb 8 13:08:57 dropbear[11301]: User admin executing '/sbin/ifconfig'
Feb 8 13:08:58 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16946 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:08:59 dropbear[11301]: User admin executing 'cat /proc/meminfo'
Feb 8 13:09:01 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16947 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:09:01 dropbear[11301]: User admin executing '2>/dev/null sh -c 'cat /lib/libdl.so* || cat /lib/librt.so* || cat /bin/cat || cat /sbin/ifconfig''
Feb 8 13:09:03 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16948 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:09:04 dropbear[11301]: User admin executing 'cat /proc/version'
Feb 8 13:09:05 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16949 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:09:06 dropbear[11301]: User admin executing 'uptime'
ขอบคุณล่วงหน้าค๊าบบบ
Feb 8 13:07:28 hour monitor: daemon is starting
Feb 8 13:07:31 dropbear[11180]: Child connection from 109.127.25.204:49474
Feb 8 13:07:37 dropbear[11180]: Password auth succeeded for 'admin' from 109.127.25.204:49474
Feb 8 13:08:21 dropbear[11249]: Running in background
Feb 8 13:08:48 dropbear[11301]: Child connection from 109.127.25.204:53273
Feb 8 13:08:53 dropbear[11301]: Password auth succeeded for 'admin' from 109.127.25.204:53273
Feb 8 13:08:57 dropbear[11301]: User admin executing '/sbin/ifconfig'
Feb 8 13:08:58 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16946 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:08:59 dropbear[11301]: User admin executing 'cat /proc/meminfo'
Feb 8 13:09:01 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16947 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:09:01 dropbear[11301]: User admin executing '2>/dev/null sh -c 'cat /lib/libdl.so* || cat /lib/librt.so* || cat /bin/cat || cat /sbin/ifconfig''
Feb 8 13:09:03 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16948 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:09:04 dropbear[11301]: User admin executing 'cat /proc/version'
Feb 8 13:09:05 kernel: DROP IN=ppp0 OUT= MAC= SRC=101.108.75.244 DST=118.172.226.235 LEN=80 TOS=0x00 PREC=0x00 TTL=119 ID=16949 PROTO=UDP SPT=22564 DPT=59214 LEN=60
Feb 8 13:09:06 dropbear[11301]: User admin executing 'uptime'