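Hackers swarm right after the machine is set up
With the ufw firewall configured to allow only specific IPs, the logs show connection attempts arriving from one IP address after another, probing whether particular ports are open. Looking up one of the logged IPs shows its origin as Romania. This demonstrates how important the internal firewall configuration is.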
Sep 28 09:42:02 raspberrypi kernel: [594044.198293] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:00:00:2c:62:00:00:00:f3:06:fd:6a SRC=193.27.228.100 DST=192.168.1.128 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=25272 PROTO=TCP SPT=56767 DPT=9357 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 28 09:42:10 raspberrypi kernel: [594051.748371] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:08:00:2c:98:b9:00:00:ef:06:b3:28 SRC=104.167.85.18 DST=192.168.1.128 LEN=44 TOS=0x08 PREC=0x00 TTL=239 ID=39097 PROTO=TCP SPT=52704 DPT=11134 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 28 09:42:24 raspberrypi kernel: [594065.957621] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:00:00:2c:a1:db:00:00:f2:06:40:80 SRC=176.113.115.214 DST=192.168.1.128 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=41435 PROTO=TCP SPT=51175 DPT=2375 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 28 09:42:49 raspberrypi kernel: [594090.544134] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:00:00:3c:82:8a:40:00:32:06:ad:d3 SRC=85.209.0.101 DST=192.168.1.128 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33418 DF PROTO=TCP SPT=32306 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 28 09:42:50 raspberrypi kernel: [594091.545486] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:00:00:3c:82:8b:40:00:32:06:ad:d2 SRC=85.209.0.101 DST=192.168.1.128 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33419 DF PROTO=TCP SPT=32306 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 28 09:43:06 raspberrypi kernel: [594108.177576] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:00:00:33:74:44:40:00:2f:11:65:09 SRC=184.105.247.218 DST=192.168.1.128 LEN=51 TOS=0x00 PREC=0x00 TTL=47 ID=29764 DF PROTO=UDP SPT=58548 DPT=623 LEN=31
Sep 28 09:43:42 raspberrypi kernel: [594143.739669] [UFW BLOCK] IN=eth0 OUT= MAC=00:27:eb:45:12:b3:64:ee:b7:8a:4e:81:08:00:45:00:00:2c:56:89:00:00:f3:06:09:9a SRC=193.27.228.100 DST=192.168.1.128 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=22153 PROTO=TCP SPT=56767 DPT=8594 WINDOW=1024 RES=0x00 SYN URGP=0
:: middle omitted ::
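
To see which sources in a log like this are sweeping ports rather than retrying a single one, the blocked entries can be grouped by source address. The following is an added example, not part of the original post; the sample lines are constructed, and the function names and the `min_ports` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the [UFW BLOCK] layout shown above
# (documentation-range addresses and a shortened MAC; not taken from the post).
SAMPLE_LOG = """\
Sep 28 09:42:02 host kernel: [1.0] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=203.0.113.10 DST=192.168.1.128 LEN=44 TTL=243 PROTO=TCP SPT=56767 DPT=9357 WINDOW=1024 SYN URGP=0
Sep 28 09:42:24 host kernel: [2.0] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=203.0.113.10 DST=192.168.1.128 LEN=44 TTL=243 PROTO=TCP SPT=56767 DPT=2375 WINDOW=1024 SYN URGP=0
Sep 28 09:42:49 host kernel: [3.0] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=198.51.100.7 DST=192.168.1.128 LEN=60 TTL=50 DF PROTO=TCP SPT=32306 DPT=22 WINDOW=65535 SYN URGP=0
Sep 28 09:42:50 host kernel: [4.0] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=198.51.100.7 DST=192.168.1.128 LEN=60 TTL=50 DF PROTO=TCP SPT=32306 DPT=22 WINDOW=65535 SYN URGP=0
Sep 28 09:43:06 host kernel: [5.0] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.44 DST=192.168.1.128 LEN=51 TTL=47 DF PROTO=UDP SPT=58548 DPT=623 LEN=31
Sep 28 09:43:42 host kernel: [6.0] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=203.0.113.10 DST=192.168.1.128 LEN=44 TTL=243 PROTO=TCP SPT=56767 DPT=8594 WINDOW=1024 SYN URGP=0
Sep 28 09:43:50 host sshd[411]: Server listening on 0.0.0.0 port 22.
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_ufw_block(line):
    """Return the KEY=VALUE fields of a [UFW BLOCK] line, or None if not usable."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line.split("[UFW BLOCK]", 1)[1]):
        fields.setdefault(key, value)  # UDP lines repeat LEN; keep the IP length
    # Lines without a destination port (for example ICMP) are skipped here.
    return fields if fields.keys() >= {"SRC", "PROTO", "DPT"} else None

def summarize(log_text, min_ports=2):
    """Group blocked packets by source; flag sources probing >= min_ports ports."""
    ports, hits = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        f = parse_ufw_block(line)
        if f is None:
            continue
        ports[f["SRC"]].add((f["PROTO"], int(f["DPT"])))
        hits[f["SRC"]] += 1
    return {src: {"hits": hits[src], "ports": sorted(p),
                  "scanner": len(p) >= min_ports}
            for src, p in ports.items()}

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, info)
```

A source with several hits on one port, such as the repeated SYN to port 22, counts as a retry and is not flagged; only distinct destination ports raise the `scanner` flag.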