[Other records of unauthorized access]

●April 22: Unauthorized access from Australia

  srv01:~# cat syslog
  Apr 22 23:58:29 srv01 portmap[3774]: connect from 203.108.202.44 to dump(): request from unauthorized host

→ Connected to portmap via a domestic site

  srv01:~# nslookup
  > set type=ns
  > 202.108.203.in-addr.arpa
  Non-authoritative answer:
  202.108.203.in-addr.arpa nameserver = oznet.ozemail.com.au
  202.108.203.in-addr.arpa nameserver = oznet02.ozemail.com.au

→ A DNS lookup shows that the unauthorized access came from Australia

●April 25: Unauthorized access from Israel

  srv01:~# cat syslog
  Apr 25 00:20:30 srv01 in.telnetd[13344]: refused connect from bond007@d020.pop135-2.israsrv.net.il
  Apr 25 00:21:00 srv01 in.telnetd[13345]: refused connect from bond007@d020.pop135-2.israsrv.net.il

→ The direct access from Israel was refused by tcp_wrapper

  srv01:~# nslookup d020.pop135-2.israsrv.net.il
  Non-authoritative answer:
  Name: d020.pop135-2.israsrv.net.il
  Address: 192.117.206.20

  srv01:~# netstat
  Sat Apr 25 00:21:01 JST 1998
  Active Internet connections
  Proto Recv-Q Send-Q Local Address          Foreign Address        (State)    User
  tcp        1      1 210.154.87.18:1188     192.117.206.20:113     LAST_ACK   root
  tcp        1      0 210.154.87.18:1184     192.117.206.20:113     TIME_WAIT  root

●April 26: Unauthorized access from ask.or.jp

  srv01:~# last
  ftp ftp telnet.ask.or.jp Sun Apr 26 01:25 - 01:26 (00:01)

→ Unauthorized access via ftp from ask.or.jp

  srv01:~# nslookup telnet.ask.or.jp
  Name: telnet.ask.or.jp
  Address: 203.179.96.6

  srv01:~# netstat
  Sun Apr 26 01:27:01 JST 1998
  Active Internet connections
  Proto Recv-Q Send-Q Local Address          Foreign Address        (State)    User
  tcp        1      0 210.154.87.18:21       203.179.96.6:60750     TIME_WAIT  root

  srv01:~# cat messages
  Apr 26 01:33:47 name wu.ftpd[19718]: connect from telnet.ask.or.jp
  Apr 26 01:34:18 name ftpd[19718]: USER joe-mas
  Apr 26 01:34:26 name ftpd[19718]: PASS password
  Apr 26 01:34:27 name ftpd[19718]: failed login from telnet.ask.or.jp [203.179.96.6], joe-mas
  Apr 26 01:34:39 name ftpd[19718]: QUIT
  Apr 26 01:34:39 name ftpd[19718]: FTP session closed

→ Tried to log in as joe-mas, but failed

●April 26: Unauthorized access from so-net.ne.jp

  Apr 26 14:38:24 name in.telnetd[22868]: refused connect from p84d764.spp5.ap.so-net.ne.jp

●April 28: Theft of the password file, from www.telpitweb.or.jp

  srv01:~# cat syslog
  Apr 28 01:06:20 name in.rlogind[30236]: refused connect from www.telpitweb.or.jp
  Apr 28 01:06:46 name in.telnetd[30237]: refused connect from www.telpitweb.or.jp

→ The rlogin and telnet accesses were refused by tcp_wrapper

  srv01:~# last
  kim ftp www.telpitweb.or Tue Apr 28 01:07 - 01:07 (00:00)

→ Unauthorized access via ftp from www.telpitweb.or.jp

  srv01:~# cat messages
  Apr 28 01:07:04 name wu.ftpd[30238]: connect from www.telpitweb.or.jp
  Apr 28 01:07:10 name ftpd[30238]: USER kim
  Apr 28 01:07:19 name ftpd[30238]: PASS password
  Apr 28 01:07:28 name ftpd[30238]: PORT
  Apr 28 01:07:28 name ftpd[30238]: RETR /etc/passwd
  Apr 28 01:07:34 name ftpd[30238]: QUIT
  Apr 28 01:07:34 name ftpd[30238]: FTP session closed

→ /etc/passwd was stolen

●April 28: Unauthorized access from gen@INS45.tokyo-ap3.dti.ne.jp

  srv01:~# cat messages
  Apr 28 22:33:17 name in.telnetd[2459]: refused connect from gen@INS45.tokyo-ap3.dti.ne.jp
  Apr 28 22:33:30 name ps[2462]: refused connect from gen@INS45.tokyo-ap3.dti.ne.jp

●May 2: Unauthorized access from an anonymous site

  srv01:~# cat messages
  May 2 01:21:50 name wu.ftpd[23931]: warning: can't get client address: Connection reset by peer
  May 2 01:21:50 name wu.ftpd[23931]: refused connect from unknown

●May 3: Unauthorized access from an anonymous site

  srv01:~# cat messages
  May 3 06:45:01 name in.telnetd[29941]: warning: can't get client address: Connection reset by peer
  May 3 06:45:01 name in.telnetd[29941]: refused connect from unknown

●May 3: Unauthorized access from telia.com

  srv01:~# cat messages
  May 3 06:53:26 name in.telnetd[29960]: refused connect from t7o207p58.telia.com

●May 7: Unauthorized access from din.or.jp

  srv01:~# cat messages
  May 7 16:08:38 srv01 wu.ftpd[8892]: connect from ppp04-152.din.or.jp
  May 7 16:10:22 srv01 ftpd[8892]: FTP session closed
  May 7 16:10:45 srv01 wu.ftpd[8903]: connect from ppp04-152.din.or.jp
  May 7 16:10:45 srv01 ftpd[8903]: USER Guest
  May 7 16:10:45 srv01 ftpd[8903]: PASS password
  May 7 16:10:46 srv01 ftpd[8903]: failed login from ppp04-152.din.or.jp [210.135.68.183], Guest
  May 7 16:10:48 srv01 ftpd[8903]: FTP session closed
  May 7 16:10:53 srv01 wu.ftpd[8904]: connect from ppp04-152.din.or.jp
  May 7 16:10:53 srv01 ftpd[8904]: USER Guest
  May 7 16:10:53 srv01 ftpd[8904]: PASS password
  May 7 16:10:54 srv01 ftpd[8904]: failed login from ppp04-152.din.or.jp [210.135.68.183], Guest
  May 7 16:10:57 srv01 ftpd[8904]: FTP session closed
  May 7 16:11:02 srv01 wu.ftpd[8905]: connect from ppp04-152.din.or.jp
  May 7 16:12:36 srv01 ftpd[8905]: FTP session closed

●May 11: Unauthorized access from Israel

  srv01:~# cat syslog
  May 11 18:02:53 srv01 in.telnetd[15680]: refused connect from root@server.ben-gurion.hasharon.k12.il
  May 11 18:06:08 srv01 wu.ftpd[15698]: refused connect from 192.114.208.195
  May 12 17:49:34 srv01 wu.ftpd[21149]: refused connect from bond007@192.114.208.99

●May 12: Unauthorized access from Israel

  srv01:~# cat syslog
  May 12 17:49:34 srv01 wu.ftpd[21149]: refused connect from bond007@192.114.208.99
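
The two patterns in the records above, tcp_wrapper refusals and wu.ftpd sessions whose lines share one PID, can be picked out of syslog automatically. The script below is an added example, not part of the original page: its sample lines are constructed (placeholder hosts), and the SENSITIVE watch list and the function name analyze are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same syslog layout as the records above (placeholder hosts).
SAMPLE = """\
Apr 28 01:06:20 name in.rlogind[30236]: refused connect from host-a.example
Apr 28 01:06:46 name in.telnetd[30237]: refused connect from host-a.example
Apr 28 01:07:04 name wu.ftpd[30238]: connect from host-a.example
Apr 28 01:07:10 name ftpd[30238]: USER kim
Apr 28 01:07:28 name ftpd[30238]: RETR /etc/passwd
Apr 28 01:07:34 name ftpd[30238]: FTP session closed
May  7 16:10:45 name wu.ftpd[8903]: connect from host-b.example
May  7 16:10:45 name ftpd[8903]: USER Guest
May  7 16:10:46 name ftpd[8903]: failed login from host-b.example [192.0.2.7], Guest
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.]+)\[(\d+)\]: (.*)$")
SENSITIVE = ("/etc/passwd", "/etc/shadow")  # assumed watch list

def analyze(text):
    """Return (refusals per source, FTP sessions keyed by PID, alert strings)."""
    refused = Counter()
    sessions = defaultdict(lambda: {"host": None, "user": None, "failed": False, "retr": []})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, _, prog, pid, msg = m.groups()
        if msg.startswith("refused connect from "):
            # tcp_wrapper denial; drop an ident user prefix such as user@host
            refused[msg.split()[-1].split("@")[-1]] += 1
        elif prog.endswith("ftpd"):
            s = sessions[pid]  # wu.ftpd and ftpd lines of one session share a PID
            if msg.startswith("connect from "):
                s["host"] = msg.split()[-1]
            elif msg.startswith("USER "):
                s["user"] = msg[5:]
            elif msg.startswith("failed login"):
                s["failed"] = True
            elif msg.startswith("RETR "):
                s["retr"].append(msg[5:])
    alerts = [f"{s['host']} user={s['user']} retrieved {p}"
              for s in sessions.values() for p in s["retr"] if p in SENSITIVE]
    alerts += [f"{s['host']} failed FTP login as {s['user']}"
               for s in sessions.values() if s["failed"]]
    return refused, dict(sessions), alerts

if __name__ == "__main__":
    print(*analyze(SAMPLE)[2], sep="\n")
```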