Hello,
Looking through my logs, I wonder whether someone tried to hack me last night, and I would like to know if anyone recognises a type of vulnerability from these messages:
In auth.log:
May 9 16:36:21 Etch sshd[1969]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 16:53:43 Etch sshd[2597]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 16:58:13 Etch sshd[2792]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:00:01 Etch CRON[2890]: (pam_unix) session opened for user root by (uid=0)
May 9 17:00:01 Etch CRON[2890]: (pam_unix) session closed for user root
May 9 17:02:01 Etch CRON[3071]: (pam_unix) session opened for user logcheck by (uid=0)
May 9 17:02:05 Etch CRON[3071]: (pam_unix) session closed for user logcheck
May 9 17:11:13 Etch sshd[3741]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:17:01 Etch CRON[4010]: (pam_unix) session opened for user root by (uid=0)
May 9 17:17:01 Etch CRON[4010]: (pam_unix) session closed for user root
May 9 17:19:59 Etch sshd[4121]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:30:01 Etch CRON[4542]: (pam_unix) session opened for user root by (uid=0)
May 9 17:30:10 Etch CRON[4542]: (pam_unix) session closed for user root
May 9 17:37:15 Etch sshd[4945]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:46:02 Etch sshd[5268]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:58:41 Etch sshd[5793]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN

In the ulog logs:
May 9 17:19:45 Etch TRAFFIC_ACCEPT_SSH IN=ath0 OUT= MAC= SRC=80.8.242.18 DST=192.168.1.11 LEN=48 TOS=00 PREC=0x00 TTL=115 ID=37563 CE DF PROTO=TCP SPT=4867 DPT=443 SEQ=375534364 ACK=0 WINDOW=65535 SYN URGP=0
May 9 17:37:05 Etch TRAFFIC_ACCEPT_SSH IN=ath0 OUT= MAC= SRC=80.8.242.18 DST=192.168.1.11 LEN=48 TOS=00 PREC=0x00 TTL=115 ID=41016 CE DF PROTO=TCP SPT=1910 DPT=443 SEQ=3885584519 ACK=0 WINDOW=65535 SYN URGP=0
May 9 17:45:48 Etch TRAFFIC_ACCEPT_SSH IN=ath0 OUT= MAC= SRC=80.8.242.18 DST=192.168.1.11 LEN=48 TOS=00 PREC=0x00 TTL=115 ID=42706 CE DF PROTO=TCP SPT=2416 DPT=443 SEQ=1390587404 ACK=0 WINDOW=65535 SYN URGP=0
May 9 17:58:30 Etch TRAFFIC_ACCEPT_SSH IN=ath0 OUT= MAC= SRC=80.8.242.18 DST=192.168.1.11 LEN=48 TOS=00 PREC=0x00 TTL=115 ID=44508 CE DF PROTO=TCP SPT=2915 DPT=443 SEQ=4284133435 ACK=0 WINDOW=65535 SYN URGP=0
May 9 18:05:36 Etch TRAFFIC_ACCEPT_SSH IN=ath0 OUT= MAC= SRC=62.48.228.149 DST=192.168.1.11 LEN=48 TOS=00 PREC=0x00 TTL=112 ID=38975 CE DF PROTO=TCP SPT=1860 DPT=443 SEQ=3186776466 ACK=0 WINDOW=65535 SYN URGP=0
May 9 18:40:14 Etch TRAFFIC_ACCEPT_SSH IN=ath0 OUT= MAC= SRC=193.147.185.18 DST=192.168.1.11 LEN=60 TOS=00 PREC=0x00 TTL=46 ID=2089 DF PROTO=TCP SPT=45696 DPT=443 SEQ=3181036818 ACK=0 WINDOW=5840 SYN URGP=0
Thanks for your help
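An added example, not part of the original post: a short script that decodes the bytes sshd logged and pairs each "Bad protocol version identification" event with the firewall SYN that preceded it. It assumes sshd is the service listening on port 443, as the TRAFFIC_ACCEPT_SSH entries with DPT=443 suggest; the function names, the 30-second window and the placeholder year are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the logs quoted in the post
# (firewall lines abridged to the fields this script reads).
AUTH_LOG = r"""May 9 17:11:13 Etch sshd[3741]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:19:59 Etch sshd[4121]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN
May 9 17:37:15 Etch sshd[4945]: Bad protocol version identification '\200F\001\003\001' from UNKNOWN"""
ULOG = """May 9 17:19:45 Etch TRAFFIC_ACCEPT_SSH IN=ath0 SRC=80.8.242.18 DST=192.168.1.11 PROTO=TCP SPT=4867 DPT=443 SYN
May 9 17:37:05 Etch TRAFFIC_ACCEPT_SSH IN=ath0 SRC=80.8.242.18 DST=192.168.1.11 PROTO=TCP SPT=1910 DPT=443 SYN"""

BAD_ID = re.compile(r"^(\w+ +\d+ [\d:]+) \S+ sshd\[\d+\]: Bad protocol version identification '(.*)' from")
SYN = re.compile(r"^(\w+ +\d+ [\d:]+) .*\bSRC=(\S+) .*\bDPT=(\d+) .*\bSYN\b")

def ts(stamp):
    # syslog omits the year; 2000 is a placeholder so the stamps can be compared
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")

def unescape(logged):
    """Turn sshd's octal escapes (backslash + 3 digits) back into the raw bytes the peer sent."""
    text = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), logged)
    return text.encode("latin-1")

def classify(raw):
    """Name the protocol the peer spoke instead of sending an 'SSH-' banner."""
    if len(raw) >= 5 and raw[0] & 0x80 and raw[2] == 0x01:
        length = ((raw[0] & 0x7F) << 8) | raw[1]  # 15-bit SSLv2 record length
        return "SSLv2-format ClientHello, %d bytes, offering version %d.%d" % (length, raw[3], raw[4])
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record, version %d.%d" % (raw[1], raw[2])
    return "unrecognised"

def correlate(auth_log, ulog, port=443, window=30):
    """Pair each bad-identification event with the last SYN to `port` in the `window` seconds before it."""
    syns = [(ts(m[1]), m[2]) for m in map(SYN.match, ulog.splitlines()) if m and int(m[3]) == port]
    out = []
    for m in filter(None, map(BAD_ID.match, auth_log.splitlines())):
        when = ts(m[1])
        near = [src for t, src in syns if timedelta(0) <= when - t <= timedelta(seconds=window)]
        out.append((m[1], classify(unescape(m[2])), near[-1] if near else None))
    return out

if __name__ == "__main__":
    for row in correlate(AUTH_LOG, ULOG):
        print(row)
```

On these lines the five logged bytes parse as an SSLv2-format ClientHello offering version 3.1 (TLS 1.0), which is what a TLS client sends when it connects to port 443 expecting HTTPS. The 17:11:13 event stays unmatched because the quoted firewall excerpt only begins at 17:19:45.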