snazia sa ma hacknut?

Všetko o sieťach, nastaveniach, problémoch ...
Používateľov profilový obrázok
molnart
Pokročilý používateľ
Pokročilý používateľ
Príspevky: 6663
Dátum registrácie: Ut 19. Jún, 2012, 23:03
Bydlisko: Bratislava/Samorin

snazia sa ma hacknut?

Príspevok od používateľa molnart »

Znie to blbo, ale viete mi vysvetlit preco sa snazia v kuse prihlasit do mojho routra z cinskych ip adries? Hovoria vam nieco tie cisla portov ze o co sa snazia? (napr. pripojit sa na RDP ci daco?)

Podla niektorych zaznamov (napr. Jan 12 19:02:12 E3000 authpriv.info dropbear[12360]: Exit before auth: Incompatible remote version 'SSH-1.5-Nmap-SSH1-Hostkey') to tak vyzera ze neskusaju iba heslo ale aj nejake ssh kluce. Myslite ze mi bezi nieco v sieti co niekomu leakuje ze mam v kompe nieco zaujimave? vypol som access s wanu pre web aj ssh, portforwarding mam nastaveny len pre torrenty.

Kód: Vybrať všetko

Jan 12 01:03:06 E3000 authpriv.warn dropbear[9047]: Login attempt for nonexistent user from 103.70.225.204:46942
Jan 12 01:03:06 E3000 authpriv.warn dropbear[9047]: Login attempt for nonexistent user from 103.70.225.204:46942
Jan 12 01:03:07 E3000 authpriv.warn dropbear[9047]: Login attempt for nonexistent user from 103.70.225.204:46942
Jan 12 01:03:08 E3000 authpriv.info dropbear[9047]: Exit before auth: Exited normally
Jan 12 01:08:35 E3000 authpriv.warn dropbear[9064]: Login attempt for nonexistent user from 103.70.225.204:36493
Jan 12 01:08:36 E3000 authpriv.warn dropbear[9064]: Login attempt for nonexistent user from 103.70.225.204:36493
Jan 12 01:08:37 E3000 authpriv.warn dropbear[9064]: Login attempt for nonexistent user from 103.70.225.204:36493
Jan 12 01:08:37 E3000 authpriv.info dropbear[9064]: Exit before auth: Exited normally
Jan 12 01:14:11 E3000 authpriv.warn dropbear[9082]: Login attempt for nonexistent user from 103.70.225.204:41041
Jan 12 01:14:12 E3000 authpriv.warn dropbear[9082]: Login attempt for nonexistent user from 103.70.225.204:41041
Jan 12 01:14:13 E3000 authpriv.warn dropbear[9082]: Login attempt for nonexistent user from 103.70.225.204:41041
Jan 12 01:14:13 E3000 authpriv.info dropbear[9082]: Exit before auth: Exited normally
Jan 12 01:19:47 E3000 authpriv.warn dropbear[9099]: Login attempt for nonexistent user from 103.70.225.204:47385
Jan 12 01:19:47 E3000 authpriv.warn dropbear[9099]: Login attempt for nonexistent user from 103.70.225.204:47385
Jan 12 01:19:48 E3000 authpriv.warn dropbear[9099]: Login attempt for nonexistent user from 103.70.225.204:47385
Jan 12 01:19:49 E3000 authpriv.info dropbear[9099]: Exit before auth: Exited normally
Jan 12 01:25:24 E3000 authpriv.warn dropbear[9117]: Login attempt for nonexistent user from 103.70.225.204:58212
Jan 12 01:25:24 E3000 authpriv.warn dropbear[9117]: Login attempt for nonexistent user from 103.70.225.204:58212
Jan 12 01:25:25 E3000 authpriv.warn dropbear[9117]: Login attempt for nonexistent user from 103.70.225.204:58212
Jan 12 01:25:26 E3000 authpriv.info dropbear[9117]: Exit before auth: Exited normally
Jan 12 01:30:53 E3000 authpriv.warn dropbear[9134]: Login attempt for nonexistent user from 103.70.225.204:33275
Jan 12 01:30:53 E3000 authpriv.warn dropbear[9134]: Login attempt for nonexistent user from 103.70.225.204:33275
Jan 12 01:30:54 E3000 authpriv.warn dropbear[9134]: Login attempt for nonexistent user from 103.70.225.204:33275
Jan 12 01:30:54 E3000 authpriv.info dropbear[9134]: Exit before auth: Exited normally
Jan 12 01:36:23 E3000 authpriv.warn dropbear[9151]: Login attempt for nonexistent user from 103.70.225.204:48853
Jan 12 01:36:24 E3000 authpriv.warn dropbear[9151]: Login attempt for nonexistent user from 103.70.225.204:48853
Jan 12 01:36:24 E3000 authpriv.warn dropbear[9151]: Login attempt for nonexistent user from 103.70.225.204:48853
Jan 12 01:36:25 E3000 authpriv.info dropbear[9151]: Exit before auth: Exited normally
Jan 12 01:41:51 E3000 authpriv.warn dropbear[9168]: Login attempt for nonexistent user from 103.70.225.204:54993
Jan 12 01:41:51 E3000 authpriv.warn dropbear[9168]: Login attempt for nonexistent user from 103.70.225.204:54993
Jan 12 01:41:52 E3000 authpriv.warn dropbear[9168]: Login attempt for nonexistent user from 103.70.225.204:54993
Jan 12 01:41:53 E3000 authpriv.info dropbear[9168]: Exit before auth: Exited normally
Jan 12 01:47:36 E3000 authpriv.warn dropbear[9186]: Login attempt for nonexistent user from 103.70.225.204:46017
Jan 12 01:47:37 E3000 authpriv.warn dropbear[9186]: Login attempt for nonexistent user from 103.70.225.204:46017
Jan 12 01:47:37 E3000 authpriv.warn dropbear[9186]: Login attempt for nonexistent user from 103.70.225.204:46017
Jan 12 01:47:38 E3000 authpriv.info dropbear[9186]: Exit before auth: Exited normally
Jan 12 01:53:11 E3000 authpriv.warn dropbear[9204]: Login attempt for nonexistent user from 103.70.225.204:44265
Jan 12 01:53:12 E3000 authpriv.warn dropbear[9204]: Login attempt for nonexistent user from 103.70.225.204:44265
Jan 12 01:53:13 E3000 authpriv.warn dropbear[9204]: Login attempt for nonexistent user from 103.70.225.204:44265
Jan 12 01:53:14 E3000 authpriv.info dropbear[9204]: Exit before auth: Exited normally
Jan 12 01:58:43 E3000 authpriv.warn dropbear[9220]: Login attempt for nonexistent user from 103.70.225.204:36939
Jan 12 01:58:44 E3000 authpriv.warn dropbear[9220]: Login attempt for nonexistent user from 103.70.225.204:36939
Jan 12 01:58:44 E3000 authpriv.warn dropbear[9220]: Login attempt for nonexistent user from 103.70.225.204:36939
Jan 12 01:58:45 E3000 authpriv.info dropbear[9220]: Exit before auth: Exited normally
Jan 12 02:04:12 E3000 authpriv.warn dropbear[9238]: Login attempt for nonexistent user from 103.70.225.204:33172
Jan 12 02:04:12 E3000 authpriv.warn dropbear[9238]: Login attempt for nonexistent user from 103.70.225.204:33172
Jan 12 02:04:13 E3000 authpriv.warn dropbear[9238]: Login attempt for nonexistent user from 103.70.225.204:33172
Jan 12 02:04:14 E3000 authpriv.info dropbear[9238]: Exit before auth: Exited normally
Jan 12 03:19:56 E3000 authpriv.info dropbear[9472]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 191.85.136.138:43790
Jan 12 06:29:40 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:41 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:41 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:42 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:43 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:43 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:44 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:44 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:45 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:46 E3000 authpriv.warn dropbear[10050]: Login attempt for nonexistent user from 112.233.112.160:44263
Jan 12 06:29:46 E3000 authpriv.info dropbear[10050]: Exit before auth: Max auth tries reached - user 'is invalid' from 112.233.112.160:44263
Jan 12 08:51:26 E3000 authpriv.info dropbear[10477]: Exit before auth (user 'root', 5 fails): Error reading: Connection reset by peer
Jan 12 08:54:31 E3000 authpriv.info dropbear[10487]: Exit before auth (user 'root', 5 fails): Error reading: Connection reset by peer
Jan 12 08:55:43 E3000 authpriv.info dropbear[10491]: Exit before auth (user 'root', 5 fails): Error reading: Connection reset by peer
Jan 12 08:56:02 E3000 authpriv.info dropbear[10493]: Exit before auth (user 'root', 5 fails): Error reading: Connection reset by peer
Jan 12 08:56:37 E3000 authpriv.info dropbear[10496]: Exit before auth (user 'root', 5 fails): Error reading: Connection reset by peer
Jan 12 08:58:50 E3000 authpriv.info dropbear[10503]: Exit before auth (user 'root', 5 fails): Error reading: Connection reset by peer
Jan 12 09:55:20 E3000 authpriv.info dropbear[10671]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 114.228.172.134:53034
Jan 12 14:18:16 E3000 authpriv.info dropbear[11480]: Exit before auth: Exited normally
Jan 12 14:18:19 E3000 authpriv.info dropbear[11481]: Exit before auth: Exited normally
Jan 12 14:41:21 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:23 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:24 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:27 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:27 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:27 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:28 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:29 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:29 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:29 E3000 authpriv.warn dropbear[11561]: Login attempt for nonexistent user from 87.186.21.65:39734
Jan 12 14:41:30 E3000 authpriv.info dropbear[11561]: Exit before auth: Max auth tries reached - user 'is invalid' from 87.186.21.65:39734
Jan 12 17:22:07 E3000 authpriv.info dropbear[12053]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 115.199.207.48:35907
Jan 12 19:01:57 E3000 authpriv.info dropbear[12359]: Exit before auth: Exited normally
Jan 12 19:02:12 E3000 authpriv.info dropbear[12360]: Exit before auth: Incompatible remote version 'SSH-1.5-Nmap-SSH1-Hostkey'
Jan 12 19:12:16 E3000 authpriv.info dropbear[12391]: Exit before auth: Exited normally
Jan 12 19:12:26 E3000 authpriv.info dropbear[12393]: Exit before auth: Exited normally
Jan 12 19:14:55 E3000 authpriv.info dropbear[12401]: Exit before auth: Exited normally
Jan 12 19:15:01 E3000 authpriv.info dropbear[12402]: Exit before auth: Exited normally
Jan 12 20:07:36 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:36 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:37 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:38 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:38 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:39 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:39 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:40 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:41 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:41 E3000 authpriv.warn dropbear[12655]: Login attempt for nonexistent user from 177.87.176.206:54199
Jan 12 20:07:42 E3000 authpriv.info dropbear[12655]: Exit before auth: Max auth tries reached - user 'is invalid' from 177.87.176.206:54199
Jan 12 20:21:29 E3000 authpriv.warn dropbear[12855]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 12 20:21:29 E3000 authpriv.info dropbear[12861]: Running in background
Spoiler: ukázať
PC: CPU: Intel Core i5 12600K with Silentium Fortis 5 ARGB MB: MSI Tomahawk Z690 DDR4 RAM: 2x 16GB G.Skill Ripjaws V 4400-19 DDR4 GPU: GigaByte Eagle GeForce RTX 3060 Ti OC HDD: Samsung 970 1GB GB PSU: Corsair RMx (2018) 650W Case: Fractal Meshify 2 Compact Monitor: Philips 272B7QPJEB OS: Win 11 64-bit
Notebook: HP EliteBook 840 G6 Core i5 8265U, 16 GB RAM, 512 GB SSD
Server: HP Microserver Gen8 Xeon E3-1265Lv2, 16GB ECC DDR3 OS: PVE + OMV + OPNsense
Phone: Samsung Galaxy A52s
Tablet: iPad Pro 11 (2018)
Kaper

Re: snazia sa ma hacknut?

Príspevok od používateľa Kaper »

Možno by pomohlo napísať aký používaš router, resp. systém v ňom. Ja som mal niečo podobné na OpenWRT, kde som mal vypnutý FW.
mp3turbo
Pokročilý používateľ
Pokročilý používateľ
Príspevky: 12258
Dátum registrácie: St 27. Apr, 2011, 11:16
Bydlisko: ta Blava, ňe ?

Re: snazia sa ma hacknut?

Príspevok od používateľa mp3turbo »

nepomohlo - su to uplne normalne štichpróby zo zavirenych masin na internete, najdes to na kazdej verejnej adrese. Neurobis s tym nic.

Tie porty ktore su tam ukazane su zdrojove porty na druhej strane - tebe sa snazia pripojit na router zrejme na SSH port a skusaju uzivatelov doradu z nejakeho slovnika.
Som matematik... Vzrusuju ma cisla, napriklad 8300 na otackomeri alebo 2,15 baru z kompresora a este aj 1-12-5-8-3-10-6-7-2-11-4-9.
Používateľov profilový obrázok
molnart
Pokročilý používateľ
Pokročilý používateľ
Príspevky: 6663
Dátum registrácie: Ut 19. Jún, 2012, 23:03
Bydlisko: Bratislava/Samorin

Re: snazia sa ma hacknut?

Príspevok od používateľa molnart »

pouzivam tomato. nie je tam vyslovenie funkcia pre zapnutie/vypnutie FW, ale mam zapnuty NAT loopback (tu mam vsetky nastavenia na default, nikdy som to nemenil lebo vacsine nerozumiem)
Spoiler: ukázať
PC: CPU: Intel Core i5 12600K with Silentium Fortis 5 ARGB MB: MSI Tomahawk Z690 DDR4 RAM: 2x 16GB G.Skill Ripjaws V 4400-19 DDR4 GPU: GigaByte Eagle GeForce RTX 3060 Ti OC HDD: Samsung 970 1GB GB PSU: Corsair RMx (2018) 650W Case: Fractal Meshify 2 Compact Monitor: Philips 272B7QPJEB OS: Win 11 64-bit
Notebook: HP EliteBook 840 G6 Core i5 8265U, 16 GB RAM, 512 GB SSD
Server: HP Microserver Gen8 Xeon E3-1265Lv2, 16GB ECC DDR3 OS: PVE + OMV + OPNsense
Phone: Samsung Galaxy A52s
Tablet: iPad Pro 11 (2018)
Používateľov profilový obrázok
molnart
Pokročilý používateľ
Pokročilý používateľ
Príspevky: 6663
Dátum registrácie: Ut 19. Jún, 2012, 23:03
Bydlisko: Bratislava/Samorin

Re: snazia sa ma hacknut?

Príspevok od používateľa molnart »

len ma zaujima podla coho zo 4 miliard IPv4 adries zacali hackovat prave moju, nieco ich tam muselo nalakat. ked som videl tie cinske IP-cka tak hned mi napadla xiaomi appka ktora im moze nieco vysielat. pripadne niekto zaveseny na torrentoch fishuje adresy a potom takymto bruteforcom sa do nich snazi naburat. a este otazka co by ziskali kebyze sa dostanu cez ssh do routra? zaujimave data su az v kompoch a cez router dostat malware to windowsackeho alebo androidackeho systemu asi nie je len tak, ci? jedine by sa vedeli dostat mozno k fileshareom vo vnutornej sieti.
Spoiler: ukázať
PC: CPU: Intel Core i5 12600K with Silentium Fortis 5 ARGB MB: MSI Tomahawk Z690 DDR4 RAM: 2x 16GB G.Skill Ripjaws V 4400-19 DDR4 GPU: GigaByte Eagle GeForce RTX 3060 Ti OC HDD: Samsung 970 1GB GB PSU: Corsair RMx (2018) 650W Case: Fractal Meshify 2 Compact Monitor: Philips 272B7QPJEB OS: Win 11 64-bit
Notebook: HP EliteBook 840 G6 Core i5 8265U, 16 GB RAM, 512 GB SSD
Server: HP Microserver Gen8 Xeon E3-1265Lv2, 16GB ECC DDR3 OS: PVE + OMV + OPNsense
Phone: Samsung Galaxy A52s
Tablet: iPad Pro 11 (2018)
LordKJ
Sponzor fóra gold
Sponzor fóra gold
Príspevky: 7729
Dátum registrácie: Po 28. Feb, 2011, 11:49
Bydlisko: Bratislava

Re: snazia sa ma hacknut?

Príspevok od používateľa LordKJ »

preco by ich malo nieco lakat?, verejne ipcky sa bezne skenuju
Kaper

Re: snazia sa ma hacknut?

Príspevok od používateľa Kaper »

Tak tak. A je divné že tam nemáš žiadny FW... ja mám OpenWRT, resp. PandoraBox na Xiaomi Mini a mám to isté ale pozapnutí FW už v logoch nić nemám.
mp3turbo
Pokročilý používateľ
Pokročilý používateľ
Príspevky: 12258
Dátum registrácie: St 27. Apr, 2011, 11:16
Bydlisko: ta Blava, ňe ?

Re: snazia sa ma hacknut?

Príspevok od používateľa mp3turbo »

nerob si z toho vobec ziadnu hlavu, je to uplne normalne na verejnych IPckach.
Som matematik... Vzrusuju ma cisla, napriklad 8300 na otackomeri alebo 2,15 baru z kompresora a este aj 1-12-5-8-3-10-6-7-2-11-4-9.

Návrat na "Siete"