sshd :(

mike

Well-Known Member
Hi!
I have the following problem with my server. On 18 Dec I had a brute-force attack on the FTP. About 100 attempts. Then there was also the following:
Dec 17 18:21:30 sauron sshd[16351]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 61710 ssh2
Dec 17 18:22:26 sauron sshd[16348]: fatal: Timeout before authentication for 192.168.2.253
Dec 17 18:52:53 sauron sshd[16402]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 42950 ssh2
Dec 17 18:54:35 sauron sshd[16400]: fatal: Timeout before authentication for 192.168.2.253
Dec 17 20:39:00 sauron sshd[16510]: Accepted password for michael from 192.168.2.253 port 44447
Dec 17 20:40:38 sauron sshd[16508]: fatal: Timeout before authentication for 192.168.2.253
Dec 17 22:39:06 sauron sshd[16941]: Accepted password for michael from 192.168.2.253 port 47441
Dec 17 22:40:43 sauron sshd[16953]: Accepted password for michael from 192.168.2.253 port 47940
Dec 17 22:40:47 sauron sshd[16939]: fatal: Timeout before authentication for 192.168.2.253
Dec 18 19:32:36 sauron sshd[19033]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 51730 ssh2
Dec 18 19:39:04 sauron sshd[19056]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 55223 ssh2
Dec 18 19:40:50 sauron sshd[19052]: fatal: Timeout before authentication for 192.168.2.253
Dec 18 19:43:29 sauron sshd[19075]: Accepted password for michael from 192.168.2.253 port 59714
Dec 18 19:45:13 sauron sshd[19073]: fatal: Timeout before authentication for 192.168.2.253
Dec 18 19:47:26 sauron sshd[19091]: Accepted password for michael from 192.168.2.253 port 62708
Dec 18 19:49:05 sauron sshd[19089]: fatal: Timeout before authentication for 192.168.2.253
Dec 19 11:53:49 sauron sshd[20363]: Did not receive identification string from 192.168.2.253
Dec 19 11:54:34 sauron sshd[20364]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 35572 ssh2
Dec 19 12:18:30 sauron sshd[20409]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 38067 ssh2
Dec 19 12:20:16 sauron sshd[20406]: fatal: Timeout before authentication for 192.168.2.253
Dec 19 12:38:11 sauron sshd[20460]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 42558 ssh2
Dec 19 22:01:02 sauron sshd[21123]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 57029 ssh2
Dec 19 22:31:38 sauron sshd[21185]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 58027 ssh2
Dec 20 07:02:07 sauron sshd[24475]: Did not receive identification string from 192.168.2.253
Dec 22 12:31:17 sauron sshd[27892]: Accepted password for michael from 192.168.2.253 port 45267
Dec 22 13:54:34 sauron sshd[27998]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 46764 ssh2
Dec 23 08:51:57 sauron sshd[29329]: Accepted password for michael from 172.16.30.36 port 1124

Accepted password for michael from 192.168.2.253 port 45267
Isn't that a class C network IP = internal? Is that a spoofed IP?
Does sshd send the passwords unencrypted by default?

Thanks in advance!!
Regards
 
What do you mean by brute force and 100 attempts? Over what period of time?
What does the log look like?
What makes you think the passwords are sent unencrypted?
What do the other logs say? Didn't "portsentry" react?
 
Well. Within a few seconds.
But I think that's moot. I think it's the new firewall. It no longer shows the external IP. Sorry

Regards
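
An added example, not part of the original posts: one way to summarize sshd log lines like those in the thread per source address and flag sources in RFC 1918 private ranges, where the log shows an internal host or a NAT/firewall hop rather than the external origin. The function names and the last sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# RFC 1918 ranges: a source here is an internal host or a NAT/firewall hop,
# so the log line cannot reveal the external origin of the connection.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PATTERNS = {
    "accepted": re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"),
    "timeout": re.compile(r"fatal: Timeout before authentication for (?P<ip>\S+)"),
    "no_ident": re.compile(r"Did not receive identification string from (?P<ip>\S+)"),
}

# First five lines are copied from the thread's log; the last line is constructed
# (203.0.113.7 is a documentation address) to show a non-private source.
SAMPLE_LOG = """\
Dec 17 18:21:30 sauron sshd[16351]: Accepted keyboard-interactive/pam for michael from 192.168.2.253 port 61710 ssh2
Dec 17 18:22:26 sauron sshd[16348]: fatal: Timeout before authentication for 192.168.2.253
Dec 19 11:53:49 sauron sshd[20363]: Did not receive identification string from 192.168.2.253
Dec 22 12:31:17 sauron sshd[27892]: Accepted password for michael from 192.168.2.253 port 45267
Dec 23 08:51:57 sauron sshd[29329]: Accepted password for michael from 172.16.30.36 port 1124
Dec 23 09:10:02 sauron sshd[29400]: Accepted password for michael from 203.0.113.7 port 50000
"""

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def summarize(log_text):
    """Per source IP: accepted logins by method, pre-auth failures, RFC 1918 flag."""
    report = defaultdict(lambda: {"accepted": Counter(), "timeout": 0, "no_ident": 0})
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m is None:
                continue
            entry = report[m.group("ip")]
            if kind == "accepted":
                entry["accepted"][m.group("method")] += 1
            else:
                entry[kind] += 1
            break
    for ip, entry in report.items():
        entry["rfc1918"] = is_rfc1918(ip)
    return dict(report)

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, dict(entry["accepted"]), entry["timeout"], entry["no_ident"], entry["rfc1918"])
```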
 