Attention! Security of Linux-based mipsel routers! - Page 9

Thread: Attention! Security of Linux-based mipsel routers!

  1. #121
    Join Date
    Aug 2008
    Location
    Kharkov UA
    Posts
    35

    wl500GP


    Linux version 2.6.22.19 (root@localhost) (gcc version 4.6.3 (GCC) ) #2 Mon Oct 8 18:11:53 YEKT 2012
    1.9.2.7-rtn-r4667

    ( 3 , ), - , 😉
    , BusyBox , photo.scr.
    locate file file locate. ? , , , . .

  2. #122
    Join Date
    Mar 2011
    Location
    Moscow
    Posts
    233
    Quote Originally Posted by Service2 View Post
    ( 3 , ), - , 😉
    , .

    Quote Originally Posted by Service2 View Post
    , BusyBox , photo.scr.
    locate file file locate. ?
    find
    .

    Quote Originally Posted by Service2 View Post
    , , , . .
    , , .
    Last edited by don-pedro; 27-02-2017 at 09:45.
    WL500gp 1.9.2.7-d-r2624, Optware.

  3. #123
    Join Date
    Aug 2008
    Location
    Kharkov UA
    Posts
    35
    find
    -sh: find: not found

    , . . ?

  4. #124
    Join Date
    Mar 2011
    Location
    Moscow
    Posts
    233
    Quote Originally Posted by Service2 View Post
    find
    -sh: find: not found
    findutils .

    Quote Originally Posted by Service2 View Post
    , . . ?
    , - .
    WL500gp 1.9.2.7-d-r2624, Optware.

  5. #125
    Join Date
    Mar 2009
    Location
    Russia, Moscow
    Posts
    2,092
    Blog Entries
    32

    Cool

    Quote Originally Posted by Born13
    RT-AC68U Hugo - !
    , 13 . 3 .
    SSH . SSH. .
    Entware-ng , StealthMode Sunset (Merlin)

    SSH wan SSH 2222
    Code:
    Mar  6 06:59:04 dropbear[29479]: Child connection from 190.137.111.208:48605
    Mar  6 06:59:14 dropbear[29479]: Password auth succeeded for 'Born' from 190.137.111.208:48605
    Mar  6 07:00:30 dropbear[29563]: Running in background
    Mar  6 07:01:21 dropbear[29651]: Child connection from 190.137.111.208:36802
    Mar  6 07:01:31 dropbear[29651]: Password auth succeeded for 'Born' from 190.137.111.208:36802
    Mar  6 07:01:37 dropbear[29651]: User Born executing '/sbin/ifconfig'
    Mar  6 07:01:41 dropbear[29651]: User Born executing 'cat /proc/meminfo'
    Mar  6 07:01:45 dropbear[29651]: User Born executing '2>/dev/null sh -c 'cat /lib/libdl.so* || cat /lib/librt.so* || cat /bin/cat || cat /sbin/ifconfig''
    Mar  6 07:01:51 dropbear[29651]: User Born executing 'cat /proc/version'
    Mar  6 07:01:55 dropbear[29651]: User Born executing 'uptime'
    Mar  6 07:01:59 dropbear[29651]: User Born executing '1>/dev/null 2>/dev/null /sbin/iptables -L -n && echo 1 || echo 0'
    Mar  6 07:02:03 dropbear[29651]: User Born executing '(python -V 2>/dev/null && echo python && python -V) || (/usr/local/bin/python -V 2>/dev/null && echo /usr/local/bin/python && /usr/local/bin/python -V)'
    Mar  6 07:02:06 dropbear[29651]: Exit (Born): Exited normally
    Mar  6 07:04:34 dropbear[29940]: Child connection from 109.237.123.45:55826
    Mar  6 07:04:42 dropbear[29940]: Password auth succeeded for 'Born' from 109.237.123.45:55826
    Mar  6 07:05:14 dropbear[29940]: User Born executing 'cat /proc/version'
    Mar  6 07:05:17 dropbear[29940]: User Born executing 'PATH=$PATH:/usr/sbin iptables -L -n'
    Mar  6 07:05:22 dropbear[29940]: User Born executing 'ps'
    Mar  6 07:05:26 dropbear[29940]: User Born executing 'cat /bin/cat 2>/dev/null'
    Mar  6 07:07:19 dropbear[29940]: User Born executing 'cat > /tmp/bungee'
    Mar  6 07:07:52 dropbear[29940]: User Born executing 'PATH=$PATH:/usr/sbin iptables -D INPUT -p tcp --dport 16872 -j ACCEPT; PATH=$PATH:/usr/sbin iptables -I INPUT -p tcp --dport 16872 -j ACCEPT'
    Mar  6 07:08:02 dropbear[29940]: User Born executing 'PATH=$PATH:/usr/sbin iptables -t nat -D PREROUTING -p tcp --dport 16872 -j ACCEPT; PATH=$PATH:/usr/sbin iptables -t nat -I PREROUTING -p tcp --dport 16872 -j ACCEPT'
    Mar  6 07:08:11 dropbear[29940]: User Born executing 'PATH=$PATH:/usr/sbin iptables -D DMZ -t nat -p tcp --dport 16872 -j RETURN; PATH=$PATH:/usr/sbin iptables -I DMZ -t nat -p tcp --dport 16872 -j RETURN'
    Mar  6 07:08:24 dropbear[29940]: User Born executing 'chmod +x /tmp/bungee'
    Mar  6 07:08:38 dropbear[29940]: User Born executing '( /tmp/bungee 16872 30 360 14400 0 10000 > /dev/null 2>&1 )&'
    Mar  6 07:08:49 dropbear[29940]: User Born executing 'rm -f /tmp/bungee'
    Mar  6 07:09:09 dropbear[29940]: Exit (Born): Exited normally
    Mar  6 07:16:14 dropbear[30616]: Child connection from 149.255.202.108:51786
    Mar  6 07:16:14 dropbear[30616]: Password auth succeeded for 'Born' from 149.255.202.108:51786
    Mar  6 07:16:41 dropbear[30616]: Exit (Born): Exited normally
    << , . , dropbear -?

    - (WAN) SSH 2222 .
    WAN , .

    . . .
    .
    , .
    - ?

    << tcpdump- ( ) , , ?

    - , SSH, SSH. :

    Code:
    Feb 20 00:09:14 HTTP(SloginLogin successful from 189.25.95.249
    Feb 20 00:09:33 rc_servicehttpd 1258:notify_rc restart_time;restart_httpd;restart_upnp
    Feb 20 00:09:33 dropbear[1235]: Early exit: Terminated by signal
    Feb 20 00:09:33 kernelklogdexiting
    Feb 20 00:09:33 syslogd exiting
    Feb 20 00:09:33 syslogd startedBusyBox v1.25.1
    Feb 20 00:09:33 kernelklogd startedBusyBox v1.25.1 (2017-01-25 00:07:39 WET)
    Feb 20 00:09:33 dropbear[1903]: Running in background
    Feb 20 00:09:34 start_nat_rulesapply the nat_rules(/tmp/nat_rules_vlan2_vlan2)!
    Feb 20 00:09:34 RT-AC68Ustart httpd
    Feb 20 00:09:36 miniupnpd[1929]: HTTP listening on port 55981
    Feb 20 00:09:36 miniupnpd[1929]: Listening for NAT-PMP/PCP traffic on port 5351
    Feb 20 00:09:36 hour monitordaemon is starting
    Feb 20 00:09:36 hour monitordaemon terminates
    Feb 20 00:09:41 dropbear[1930]: Child connection from 189.25.95.249:45127
    Hint! http://forum.ixbt.com/topic.cgi?id=14:62613:2149#2149

  6. #126
    -
    ( -) 1200 20
    iptables-save
    Code:
    ...
    -A INPUT -p tcp -m tcp --dport 22022 --tcp-flags FIN,SYN,RST,ACK SYN -j BRUTE 
    ...
    -A BRUTE -m recent --update --seconds 1200 --hitcount 3 --name BRUTE --rsource -j DROP 
    -A BRUTE -m recent --set --name BRUTE --rsource -j ACCEPT
    ...
    , 10 .
    Code:
    20-05-2017 11:19:52 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:53053
    20-05-2017 11:19:52 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:53053
    20-05-2017 11:19:53 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:53053
    20-05-2017 11:19:54 (info|authpriv|dropbear) Exit before auth: Exited normally
    20-05-2017 11:27:23 (warning|authpriv|dropbear) Login attempt for nonexistent user from 46.128.44.23:47069
    20-05-2017 11:27:23 (warning|authpriv|dropbear) Login attempt for nonexistent user from 46.128.44.23:47069
    20-05-2017 11:27:24 (warning|authpriv|dropbear) Login attempt for nonexistent user from 46.128.44.23:47069
    20-05-2017 11:27:24 (info|authpriv|dropbear) Exit before auth: Exited normally
    20-05-2017 11:27:58 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:42213
    20-05-2017 11:27:59 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:42213
    20-05-2017 11:27:59 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:42213
    20-05-2017 11:28:00 (info|authpriv|dropbear) Exit before auth: Exited normally
    20-05-2017 11:35:51 (warning|authpriv|dropbear) Login attempt for nonexistent user from 46.128.44.23:40636
    20-05-2017 11:35:51 (warning|authpriv|dropbear) Login attempt for nonexistent user from 46.128.44.23:40636
    20-05-2017 11:35:51 (warning|authpriv|dropbear) Login attempt for nonexistent user from 46.128.44.23:40636
    20-05-2017 11:35:52 (info|authpriv|dropbear) Exit before auth: Exited normally
    20-05-2017 11:36:23 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:49339
    20-05-2017 11:36:23 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:49339
    20-05-2017 11:36:24 (warning|authpriv|dropbear) Login attempt for nonexistent user from 220.225.230.7:49339
    ?
    asus.vectormm.net/rtn/
    asus rt-n16

    - (
    , :
    Code:
    iptables -A INPUT -p tcp -s 220.225.230.7 --dport 22022 -j DROP
    iptables -A INPUT -p tcp -s 46.128.44.23 --dport 22022 -j DROP
    ,
    Last edited by egorart; 21-05-2017 at 14:16.

  7. #127
    .
    (nonexistent), .
    , .
    Code:
    22-05-2017 11:28:57 (warning|authpriv|dropbear) Bad password attempt for 'root' from 188.xxx.xx.10:14384
    22-05-2017 11:29:02 (warning|authpriv|dropbear) Bad password attempt for 'root' from 188.xxx.xx.10:14384
    22-05-2017 11:29:02 (info|authpriv|dropbear) Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 188.xxx.xx.10:14384
    , , (iptables -A INPUT -p tcp -s 220.225.230.7 --dport 22022 -j DROP), .
    (iptables -I INPUT -s 220.225.230.7 -j DROP), .
    ip .

    ..
    ... , fail2ban . .

  8. #128
