Intrusion into ClarkConnect?

andromedar ::

I'm using ClarkConnect 3.0 Home, and this morning Mldonkey was no longer running and couldn't be started any more either. I should mention that I had it in /chroot. Looking now, SNORT is using 21% of the 196 MB of RAM. Well, if there's a Linux security expert here, I'd ask them to look at the excerpt from the security log below and say (if it can be made out) what was going on. Thanks.

Mar 27 23:44:21 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 213.23.214.188 -> 213.161.17.124
Mar 27 23:44:53 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 27 23:45:12 sun last message repeated 2 times
Mar 27 23:46:27 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60158 -> 213.161.17.124:4662
Mar 27 23:46:36 sun last message repeated 2 times
Mar 27 23:46:39 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 213.23.214.188 -> 213.161.17.124
Mar 27 23:48:32 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 27 23:50:50 sun last message repeated 2 times
Mar 27 23:51:29 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 213.23.214.188 -> 213.161.17.124
Mar 27 23:52:39 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 27 23:53:37 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 27 23:55:48 sun last message repeated 2 times
Mar 27 23:56:12 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 27 23:58:12 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 85.176.174.70 -> 213.161.17.124
Mar 28 00:06:00 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 28 00:11:25 sun snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.84.94.148 -> 213.161.17.124
Mar 28 00:13:38 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60727 -> 213.161.17.124:4662
Mar 28 00:13:41 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60727 -> 213.161.17.124:4662
Mar 28 00:13:42 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.237.66.239 -> 213.161.17.124
Mar 28 00:13:47 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60727 -> 213.161.17.124:4662
Mar 28 00:17:57 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 00:28:04 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 00:38:18 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 00:42:41 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60019 -> 213.161.17.124:4662
Mar 28 00:42:50 sun last message repeated 2 times
Mar 28 00:44:50 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.237.66.239 -> 213.161.17.124
Mar 28 00:48:26 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 00:54:41 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network
Mar 28 00:54:42 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:54:42 sun last message repeated 4 times
Mar 28 00:54:43 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/release
Mar 28 00:54:43 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:54:43 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:54:43 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/release
Mar 28 00:54:44 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/usr/sbin/cc-passwd
Mar 28 00:54:55 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/usr/sbin/cc-passwd
Mar 28 00:54:58 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:54:58 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /etc/sysconfig/network-scripts/ifcfg-ppp0
Mar 28 00:54:59 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ethtool eth0
Mar 28 00:54:59 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ethtool eth0
Mar 28 00:54:59 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth0
Mar 28 00:54:59 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth0
Mar 28 00:54:59 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ifconfig
Mar 28 00:54:59 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth0
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ethtool eth1
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ethtool eth1
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth1
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth1
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ifconfig
Mar 28 00:55:00 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth1
Mar 28 00:55:01 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:55:01 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:55:01 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ethtool eth2
Mar 28 00:55:01 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ethtool eth2
Mar 28 00:55:01 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth2
Mar 28 00:55:02 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth2
Mar 28 00:55:02 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/sbin/ifconfig
Mar 28 00:55:02 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network-scripts/ifcfg-eth2
Mar 28 00:55:02 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:55:02 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/firewall
Mar 28 00:55:03 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /etc/localtime.info
Mar 28 00:55:04 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/Africa
Mar 28 00:55:06 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/America
Mar 28 00:55:06 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/America/Indiana
Mar 28 00:55:06 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/America/Kentucky
Mar 28 00:55:07 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/America/North_Dakota
Mar 28 00:55:07 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/Antarctica
Mar 28 00:55:07 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/Asia
Mar 28 00:55:08 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/Atlantic
Mar 28 00:55:08 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/Australia
Mar 28 00:55:09 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/ls /usr/share/zoneinfo/posix/Europe
Mar 28 00:55:10 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/users
Mar 28 00:55:11 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /var/webconfig/reports/postfix/data-today.out
Mar 28 00:55:17 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:55:19 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:55:19 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/cat /etc/release
Mar 28 00:55:19 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:55:19 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 00:55:19 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/cat /etc/release
Mar 28 00:55:50 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/policy
Mar 28 00:58:33 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 01:04:50 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 159.46.248.242 -> 213.161.17.124
Mar 28 01:08:46 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 01:11:44 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61364 -> 213.161.17.124:4662
Mar 28 01:11:54 sun last message repeated 2 times
Mar 28 01:16:07 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.237.66.239 -> 213.161.17.124
Mar 28 01:18:59 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 195.186.120.49 -> 213.161.17.124
Mar 28 01:41:01 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61087 -> 213.161.17.124:4662
Mar 28 01:41:02 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 80.134.20.162 -> 213.161.17.124
Mar 28 01:41:06 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61087 -> 213.161.17.124:4662
Mar 28 01:47:12 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.237.66.239 -> 213.161.17.124
Mar 28 02:09:43 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60161 -> 213.161.17.124:4662
Mar 28 02:09:52 sun last message repeated 2 times
Mar 28 02:12:01 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 80.134.20.162 -> 213.161.17.124
Mar 28 02:38:58 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60500 -> 213.161.17.124:4662
Mar 28 02:39:07 sun last message repeated 2 times
Mar 28 02:49:44 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 217.237.66.239 -> 213.161.17.124
Mar 28 03:07:55 sun snort: [1:621:7] SCAN FIN [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 82.55.209.170:55551 -> 213.161.17.124:4662
Mar 28 03:08:02 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60205 -> 213.161.17.124:4662
Mar 28 03:08:11 sun last message repeated 2 times
Mar 28 03:14:45 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 80.134.20.162 -> 213.161.17.124
Mar 28 03:36:54 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61579 -> 213.161.17.124:4662
Mar 28 03:37:03 sun last message repeated 2 times
Mar 28 03:45:39 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 80.134.20.162 -> 213.161.17.124
Mar 28 03:48:09 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/local/suva/bin/suvactl --get-hostkey
Mar 28 03:48:11 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 03:48:17 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/local/suva/bin/suvactl --get-hostkey
Mar 28 03:48:17 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 03:48:18 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/rm /etc/cron.d/cc-serviceupdates
Mar 28 03:48:18 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/ls /etc/cron.d/cc-serviceupdates
Mar 28 03:48:18 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/touch /etc/cron.d/cc-serviceupdates
Mar 28 03:48:18 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/chown root /etc/cron.d/cc-serviceupdates
Mar 28 03:48:19 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/chown :root /etc/cron.d/cc-serviceupdates
Mar 28 03:48:19 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/chmod 0644 /etc/cron.d/cc-serviceupdates
Mar 28 03:48:19 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/cat /etc/cron.d/cc-serviceupdates
Mar 28 03:48:19 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/cc-rename /usr/webconfig/tmp/cc-serviceupdates.29351 /etc/cron.d/cc-serviceupdates
Mar 28 03:52:01 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:02:56 sun last message repeated 4 times
Mar 28 04:03:08 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:06:10 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61022 -> 213.161.17.124:4662
Mar 28 04:06:19 sun last message repeated 2 times
Mar 28 04:13:36 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:13:55 sun last message repeated 2 times
Mar 28 04:15:21 sun snort: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 221.127.177.123:4327 -> 213.161.17.124:1434
Mar 28 04:15:22 sun snort: [1:2050:5] MS-SQL version overflow attempt [Classification: Misc activity] [Priority: 3]: {UDP} 221.127.177.123:4327 -> 213.161.17.124:1434
Mar 28 04:24:28 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:33:30 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.54.206 -> 213.161.17.124
Mar 28 04:35:04 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61945 -> 213.161.17.124:4662
Mar 28 04:35:07 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61945 -> 213.161.17.124:4662
Mar 28 04:35:09 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:35:13 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61945 -> 213.161.17.124:4662
Mar 28 04:45:55 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:46:17 sun last message repeated 2 times
Mar 28 04:47:46 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 80.134.20.162 -> 213.161.17.124
Mar 28 04:55:18 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 04:56:41 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:57:01 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 04:59:57 sun snort: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 172.172.106.106:1543 -> 213.161.17.124:1434
Mar 28 04:59:57 sun snort: [1:2050:5] MS-SQL version overflow attempt [Classification: Misc activity] [Priority: 3]: {UDP} 172.172.106.106:1543 -> 213.161.17.124:1434
Mar 28 05:04:00 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60674 -> 213.161.17.124:4662
Mar 28 05:04:09 sun last message repeated 2 times
Mar 28 05:04:40 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.54.206 -> 213.161.17.124
Mar 28 05:05:25 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 05:07:30 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 05:15:35 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 05:18:17 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 05:18:38 sun last message repeated 3 times
Mar 28 05:25:55 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 05:29:07 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 05:29:07 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/local/suva/bin/suvactl --get-hostkey
Mar 28 05:29:09 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 05:29:12 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/local/suva/bin/suvactl --get-hostkey
Mar 28 05:29:12 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/cat /usr/local/system/settings/general
Mar 28 05:29:13 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/rm /etc/cron.d/cc-serviceupdates
Mar 28 05:29:13 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/ls /etc/cron.d/cc-serviceupdates
Mar 28 05:29:13 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/touch /etc/cron.d/cc-serviceupdates
Mar 28 05:29:13 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/chown root /etc/cron.d/cc-serviceupdates
Mar 28 05:29:14 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/chown :root /etc/cron.d/cc-serviceupdates
Mar 28 05:29:14 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/chmod 0644 /etc/cron.d/cc-serviceupdates
Mar 28 05:29:14 sun snort: [1:477:2] ICMP Source Quench [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 217.228.169.201 -> 213.161.17.124
Mar 28 05:29:14 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/cat /etc/cron.d/cc-serviceupdates
Mar 28 05:29:14 sun /usr/bin/sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/cc-rename /usr/webconfig/tmp/cc-serviceupdates.2122 /etc/cron.d/cc-serviceupdates
Mar 28 05:33:01 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61124 -> 213.161.17.124:4662
Mar 28 05:33:10 sun last message repeated 2 times
Mar 28 05:33:33 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 62.227.242.136 -> 213.161.17.124
Mar 28 05:35:57 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.54.206 -> 213.161.17.124
Mar 28 05:36:01 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 05:45:33 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 84.161.137.142 -> 213.161.17.124
Mar 28 05:46:13 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 05:50:20 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 80.134.20.162 -> 213.161.17.124
Mar 28 05:56:16 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 06:02:03 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61704 -> 213.161.17.124:4662
Mar 28 06:02:12 sun last message repeated 2 times
Mar 28 06:06:19 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 82.83.48.96 -> 213.161.17.124
Mar 28 06:07:05 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification
Eh?

matter ::

Ask about this on the forum at www.clarkconnect.org, they'll be best able to help there, since a thread about an intrusion into CC is already open.
Otherwise, snort in 3.0 is quite buggy and I'd rather not use it.
Off to basketball now, going to throw a few.

Nerdor ::

If you want to know who owns the IP addresses, go to CompleteWhois. Otherwise, it's like this. They could have locked this post of yours here on the ST forum. But they didn't. I'll tell you what's wrong. You could have been broken into whether you had Windows or Linux or whatever. Namely, if you really must use mldonkey for legal purposes, say you host open-source programs, then it's a good idea to get hold of a block list of IP addresses and feed that block list into iptables. And that's it. On Windows I use ProtoWall 1.42 (that's a netfilter, not a firewall) alongside the firewall. So much for that.
... for lifetime!

NeOman ::

Mar 28 04:35:04 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:61945 -> 213.161.17.124:4662

really interesting... this IP keeps showing up: 65.93.69.74

[IPv4 whois information for 65.93.69.74 ]

provider:
OrgName: Bell Canada
City: Toronto
StateProv: ON
PostalCode: K1G-3J4
Country: CA
TechHandle: PD135-ARIN
TechName: Daoust, Philippe
TechPhone: +1-800-450-7771
TechEmail: noc@in.bell.ca

user:
CustName: Sympatico HSE
Address: 220 Simcoe St.
City: Toronto
StateProv: ON
PostalCode: M4P-3E8
Country: CA

write here and attach the stuff above: abuse@sympatico.ca
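The recurring address NeOman picks out, and the original question of what the excerpt actually shows, can both be answered by tallying the log rather than reading it by eye. The parser below is an added example and is not code from the thread, from ClarkConnect or from Snort; it assumes only the syslog line shapes visible in the excerpt (snort alerts, sudo records and "last message repeated N times" continuations, which syslog uses for whatever message came immediately before, alert or sudo line alike). The sample it runs on is a handful of lines copied from the excerpt above. Two things worth knowing when reading its output: every [1:2182] "typot" alert here is from one peer to TCP/4662, the default eDonkey port mldonkey listens on, and that rule matches a fixed TCP window size rather than any payload, so it fires readily on benign peer traffic; and the ICMP "administratively prohibited" messages are remote firewalls rejecting connections this host opened. Neither shows a compromise by itself; what the tally gives you is which sources and rules dominate, which is what to check against whois and the rule documentation.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the excerpt in this thread, including
# a syslog "last message repeated N times" continuation line.
SAMPLE_LOG = """\
Mar 27 23:44:21 sun snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 213.23.214.188 -> 213.161.17.124
Mar 27 23:46:27 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60158 -> 213.161.17.124:4662
Mar 27 23:46:36 sun last message repeated 2 times
Mar 28 00:13:38 sun snort: [1:2182:8] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 65.93.69.74:60727 -> 213.161.17.124:4662
Mar 28 00:54:41 sun /usr/bin/sudo: webconfi : TTY=unknown ; PWD=/var/webconfig/htdocs/admin ; USER=root ; COMMAND=/bin/cat /etc/sysconfig/network
Mar 28 03:07:55 sun snort: [1:621:7] SCAN FIN [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 82.55.209.170:55551 -> 213.161.17.124:4662
Mar 28 04:15:21 sun snort: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 221.127.177.123:4327 -> 213.161.17.124:1434
"""

TS = r"\w{3} +\d+ \d\d:\d\d:\d\d"  # classic syslog timestamp, e.g. "Mar 28 00:54:41"

SNORT_RE = re.compile(
    rf"^(?P<ts>{TS}) (?P<host>\S+) snort: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)
SUDO_RE = re.compile(
    rf"^(?P<ts>{TS}) (?P<host>\S+) /usr/bin/sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$"
)
REPEAT_RE = re.compile(rf"^{TS} \S+ last message repeated (?P<n>\d+) times$")


def parse_events(text):
    """Parse syslog lines into event dicts. A "last message repeated N times" line
    is expanded into N copies of whichever event preceded it (snort or sudo)."""
    events, last = [], None
    for line in text.splitlines():
        m = SNORT_RE.match(line)
        if m:
            last = {"kind": "snort", **m.groupdict()}
            events.append(last)
            continue
        m = SUDO_RE.match(line)
        if m:
            last = {"kind": "sudo", **m.groupdict()}
            events.append(last)
            continue
        m = REPEAT_RE.match(line)
        if m and last is not None:
            events.extend(dict(last) for _ in range(int(m.group("n"))))
    return events


def summarize(events):
    """Tally alerts by rule, by source address and by destination port, and sudo
    use by account, so the dominant sources and rules are visible at a glance."""
    by_sid, by_src, by_dport, sudo_users = Counter(), Counter(), Counter(), Counter()
    for e in events:
        if e["kind"] == "snort":
            by_sid[(e["gid"], e["sid"], e["msg"])] += 1
            by_src[e["src"]] += 1
            if e["dport"]:  # ICMP alerts carry no port
                by_dport[(e["proto"], e["dport"])] += 1
        else:
            sudo_users[e["user"]] += 1
    return {"by_sid": by_sid, "by_src": by_src, "by_dport": by_dport, "sudo_users": sudo_users}


def report(text):
    """Render the tallies as plain text, most frequent first."""
    s = summarize(parse_events(text))
    lines = ["alerts by rule:"]
    for (gid, sid, msg), n in s["by_sid"].most_common():
        lines.append(f"  {n:4d}  [{gid}:{sid}] {msg}")
    lines.append("alerts by source:")
    for src, n in s["by_src"].most_common():
        lines.append(f"  {n:4d}  {src}")
    lines.append("alerts by destination port:")
    for (proto, port), n in s["by_dport"].most_common():
        lines.append(f"  {n:4d}  {proto}/{port}")
    lines.append("sudo commands by account:")
    for user, n in s["sudo_users"].most_common():
        lines.append(f"  {n:4d}  {user}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on the full excerpt (read the file instead of SAMPLE_LOG) and the typot rule and 65.93.69.74 come out on top exactly as NeOman noticed; the sudo tally also separates the `webconfi` account, which is ClarkConnect's web configuration tool reading config files through sudo, from the root-owned cron rewrites at 03:48 and 05:29. An account or command that does not fit either pattern is what would deserve attention.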

andromedar ::

Thanks everyone. Yes, it seems to me too that some IPs show up quite often. I'll follow the recommendations. Thanks again.
Regards
Eh?

Nerdor ::

You can get a block list at bluetack. Choose iptables as the output and that's it. How to use the list!? Click here 1 and click 2. A fairly basic block list and a perl script for updating it are available at DShield.org. (Use DShield if Bluetack doesn't work out for you, since they mostly write things for the Win. platform.)
... for lifetime!
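Nerdor's recipe, a block list turned into iptables rules, looks like this when done by hand. The script below is an added example and is not bluetack's, DShield's or ClarkConnect's own tooling; it assumes the "name:first-last" range format that bluetack's P2P-style lists use, a dedicated chain name (BLOCKLIST) that is my choice, and a constructed sample list built from RFC 5737 documentation ranges. It splits arbitrary first-last ranges into the minimal set of CIDR blocks, skips malformed entries instead of emitting a bad rule, and returns the rules as text so they can be reviewed before being applied.

```python
import ipaddress

# Constructed sample in the "name:first-last" line format that bluetack-style lists
# use (assumption). Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored
Example range A:192.0.2.0-192.0.2.255

Example single host:198.51.100.17-198.51.100.17
Example odd range:203.0.113.8-203.0.113.23
Broken entry:not-an-address-203.0.113.99
"""


def parse_p2p_ranges(text):
    """Return (name, first, last) tuples; malformed entries are skipped, never guessed."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, span = line.rpartition(":")  # names may themselves contain ':'
        first, dash, last = span.partition("-")
        if not sep or not dash:
            continue
        try:
            a = ipaddress.IPv4Address(first.strip())
            b = ipaddress.IPv4Address(last.strip())
        except ipaddress.AddressValueError:
            continue
        if a > b:
            a, b = b, a
        ranges.append((name.strip(), a, b))
    return ranges


def to_networks(ranges):
    """Split each first-last range into the minimal list of CIDR blocks."""
    nets = []
    for name, a, b in ranges:
        nets.extend((name, net) for net in ipaddress.summarize_address_range(a, b))
    return nets


def iptables_rules(nets, chain="BLOCKLIST"):
    """Render an idempotent rule script: one chain that drops traffic to or from
    every block, hooked into INPUT, OUTPUT and FORWARD. Re-running it flushes and
    refills the chain instead of stacking duplicate rules."""
    rules = [
        f"iptables -N {chain} 2>/dev/null || true",  # create the chain if missing
        f"iptables -F {chain}",                      # then start it empty
    ]
    for name, net in nets:
        comment = name.replace('"', "")[:250]        # -m comment allows 256 chars
        rules.append(f'iptables -A {chain} -s {net} -m comment --comment "{comment}" -j DROP')
        rules.append(f'iptables -A {chain} -d {net} -m comment --comment "{comment}" -j DROP')
    for hook in ("INPUT", "OUTPUT", "FORWARD"):
        # -C checks whether the jump already exists; insert at position 1 only if not
        rules.append(f"iptables -C {hook} -j {chain} 2>/dev/null || iptables -I {hook} 1 -j {chain}")
    return rules


if __name__ == "__main__":
    print("\n".join(iptables_rules(to_networks(parse_p2p_ranges(SAMPLE_BLOCKLIST)))))
```

Redirect the output to a file, read it, then run it as root. For a list of tens of thousands of ranges a linear chain like this is slow to load and to traverse; the scalable form on a newer kernel is an ipset of type hash:net referenced by a single `-m set --match-set` rule, but the parsing and CIDR splitting above are the same either way. A block list only narrows which peers mldonkey can talk to; it does nothing about the ICMP and worm-probe noise in the log, which is inbound and already rejected.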
