+ Responder ao Tópico



  1. #1

    Padrão É tentativa de invasão

    Ola pessoal!
    Gostaria de saber se estas mensagem são de tentativas de invasão no meu servidor, recebo um log todos os dias como esse:

    ################### LogWatch 4.3.1 (01/13/03) ####################
    Processing Initiated: Fri Jul 18 04:02:20 2003
    Date Range Processed: yesterday
    Detail Level of Output: 0

    --------------------- samba Begin ------------------------

    Connections Denied:
    lib/access.c:check_access(333) (210.21.107.130) : 1 Time(s)
    lib/access.c:check_access(333) (62.111.253.1<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (206.48.237.5<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (81.213.56.241) : 1 Time(s)
    lib/access.c:check_access(333) (80.38.237.104) : 1 Time(s)
    lib/access.c:check_access(333) (200.38.5.17) : 1 Time(s)
    lib/access.c:check_access(333) (148.233.93.51) : 1 Time(s)
    lib/access.c:check_access(333) (218.70.147.14<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (200.76.228.55) : 1 Time(s)
    lib/access.c:check_access(333) (210.233.188.153) : 1 Time(s)
    lib/access.c:check_access(333) (62.248.38.112) : 1 Time(s)
    lib/access.c:check_access(333) (61.179.47.66) : 1 Time(s)
    lib/access.c:check_access(333) (80.133.107.10) : 1 Time(s)
    lib/access.c:check_access(333) (169.237.39.245) : 1 Time(s)
    lib/access.c:check_access(333) (80.50.129.6) : 1 Time(s)
    lib/access.c:check_access(333) (148.223.60.92) : 1 Time(s)
    lib/access.c:check_access(333) (67.42.56.14<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (61.36.204.2) : 1 Time(s)
    lib/access.c:check_access(333) (61.142.93.201) : 1 Time(s)
    lib/access.c:check_access(333) (218.163.134.34) : 1 Time(s)
    lib/access.c:check_access(333) (81.51.29.22) : 1 Time(s)
    lib/access.c:check_access(333) (202.88.152.141) : 2 Time(s)
    lib/access.c:check_access(333) (212.174.25.221) : 1 Time(s)
    lib/access.c:check_access(333) (61.225.192.63) : 1 Time(s)
    lib/access.c:check_access(333) (218.14.128.24<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (62.62.145.13<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (212.133.150.251) : 1 Time(s)
    lib/access.c:check_access(333) (63.105.104.33) : 1 Time(s)
    lib/access.c:check_access(333) (24.216.245.183) : 1 Time(s)
    lib/access.c:check_access(333) (61.131.230.129) : 1 Time(s)
    lib/access.c:check_access(333) (200.140.226.17<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (4.64.100.182) : 1 Time(s)
    lib/access.c:check_access(333) (66.98.86.32) : 1 Time(s)
    lib/access.c:check_access(333) (81.213.9.54) : 1 Time(s)
    lib/access.c:check_access(333) (66.0.228.154) : 1 Time(s)
    lib/access.c:check_access(333) (212.11.78.130) : 1 Time(s)
    lib/access.c:check_access(333) (193.252.32.251) : 1 Time(s)
    lib/access.c:check_access(333) (61.231.34.93) : 1 Time(s)
    lib/access.c:check_access(333) (203.191.32.211) : 1 Time(s)
    lib/access.c:check_access(333) (219.94.126.194) : 2 Time(s)
    lib/access.c:check_access(333) (200.65.39.251) : 1 Time(s)
    lib/access.c:check_access(333) (216.55.65.235) : 1 Time(s)
    lib/access.c:check_access(333) (67.116.218.110) : 1 Time(s)
    lib/access.c:check_access(333) (80.34.201.244) : 1 Time(s)
    lib/access.c:check_access(333) (61.188.237.110) : 1 Time(s)
    lib/access.c:check_access(333) (217.99.165.11) : 1 Time(s)
    lib/access.c:check_access(333) (155.239.71.235) : 1 Time(s)
    lib/access.c:check_access(333) (217.116.136.6) : 1 Time(s)
    lib/access.c:check_access(333) (217.81.17.212) : 2 Time(s)
    lib/access.c:check_access(333) (210.229.4.13<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (62.114.186.24) : 1 Time(s)
    lib/access.c:check_access(333) (200.149.172.17) : 1 Time(s)
    lib/access.c:check_access(333) (148.233.9.220) : 1 Time(s)
    lib/access.c:check_access(333) (219.160.109.84) : 1 Time(s)
    lib/access.c:check_access(333) (61.189.159.40) : 1 Time(s)
    lib/access.c:check_access(333) (80.15.202.175) : 1 Time(s)
    lib/access.c:check_access(333) (217.1.4.107) : 2 Time(s)
    lib/access.c:check_access(333) (200.65.77.23) : 1 Time(s)
    lib/access.c:check_access(333) (81.49.107.125) : 1 Time(s)
    lib/access.c:check_access(333) (66.166.155.180) : 1 Time(s)
    lib/access.c:check_access(333) (217.85.151.252) : 1 Time(s)
    lib/access.c:check_access(333) (200.176.16.162) : 1 Time(s)
    lib/access.c:check_access(333) (200.223.125.197) : 1 Time(s)
    lib/access.c:check_access(333) (68.155.15.44) : 1 Time(s)
    lib/access.c:check_access(333) (166.114.12.20) : 1 Time(s)
    lib/access.c:check_access(333) (218.108.177.176) : 1 Time(s)
    lib/access.c:check_access(333) (61.189.244.7) : 1 Time(s)
    lib/access.c:check_access(333) (200.84.109.70) : 1 Time(s)
    lib/access.c:check_access(333) (130.158.128.231) : 1 Time(s)
    lib/access.c:check_access(333) (200.151.136.13<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (218.11.107.117) : 1 Time(s)
    lib/access.c:check_access(333) (211.52.178.35) : 1 Time(s)
    lib/access.c:check_access(333) (195.133.227.115) : 1 Time(s)
    lib/access.c:check_access(333) (211.23.239.21<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (212.19.107.10) : 1 Time(s)
    lib/access.c:check_access(333) (151.198.131.211) : 1 Time(s)
    lib/access.c:check_access(333) (205.238.224.39) : 1 Time(s)
    lib/access.c:check_access(333) (202.222.173.133) : 1 Time(s)
    lib/access.c:check_access(333) (81.225.154.44) : 1 Time(s)
    lib/access.c:check_access(333) (210.23.242.7<IMG SRC="images/forum/icons/icon_cool.gif"> : 1 Time(s)
    lib/access.c:check_access(333) (148.221.234.171) : 1 Time(s)
    lib/access.c:check_access(333) (80.33.179.103) : 1 Time(s)

    **Unmatched Entries**
    nmbd/nmbd_packets.c<IMG SRC="images/forum/icons/icon_razz.gif">rocess_browse_packet(1063) process_browse_packet: Discarding datagram from IP 200.xxx.xx.xx. Source name Nx<00> is one of our names ! : 238 Time(s)

    ---------------------- samba End -------------------------

    Obrigado.

  2. #2

    Padrão É tentativa de invasão

    Olha, para mim isso indica que tem algum(s) pamonha(s) dando PING para verificar a disponibilidade do seu servidor.
    O seu firewall está configurado para não responder a PINGs ?
    <IMG SRC="images/forum/icons/icon_eek.gif">

  3. #3
    brunomarcelo
    Visitante

    Padrão É tentativa de invasão

    isso provavelmente seja pessoas infectadas com worms que escaneiam redes atraz de shares windows abertas e sem senhas... (o Opaserv faz isso, por ex.)

    sugiro que bloqueie o acesso externo ao seu servidor samba...

    iptables -t filter -A INPUT -s 0/0 -d seu.ip.internet 137:139 -p tcp -j DROP
    iptables -t filter -A INPUT -s 0/0 -d seu.ip.internet 137:139 -p udp -j DROP