Q&A
Should this be regarded as a hacking attempt? I would appreciate your advice.
2002.04.18 15:13
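Due to circumstances, I logged into the server for the first time in a while and looked at the log files.
I notice FTP connection attempts on a server that nobody should be connecting to (the company is on the verge of going under).
Should I take these as hacking attempts that failed?
I only recently took over managing the server and am a Linux novice... --;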
[root@localhost log]# cat secure.1
Apr 7 11:31:47 localhost xinetd[730]: START: ftp pid=28321 from=210.201.200.156
Apr 7 11:31:49 localhost xinetd[28321]: USERID: ftp OTHER :root
Apr 7 11:31:51 localhost xinetd[730]: EXIT: ftp pid=28321 duration=4(sec)
Apr 7 17:05:28 localhost xinetd[730]: START: ftp pid=29288 from=213.51.88.161
Apr 7 17:05:44 localhost xinetd[730]: EXIT: ftp pid=29288 duration=16(sec)
Apr 8 02:17:54 localhost xinetd[730]: START: ftp pid=30878 from=61.216.139.170
Apr 8 02:18:24 localhost xinetd[730]: EXIT: ftp pid=30878 duration=30(sec)
Apr 8 06:12:07 localhost xinetd[730]: START: ftp pid=31911 from=62.212.98.149
Apr 8 06:12:37 localhost xinetd[730]: EXIT: ftp pid=31911 duration=30(sec)
Apr 8 08:24:44 localhost xinetd[730]: START: ftp pid=32290 from=195.68.158.11
Apr 8 08:24:45 localhost xinetd[730]: EXIT: ftp pid=32290 duration=1(sec)
Apr 8 09:08:22 localhost sshd[32419]: Did not receive identification string from 61.185.220.247.
Apr 8 11:41:24 localhost xinetd[730]: START: ftp pid=390 from=80.142.63.46
Apr 8 11:41:27 localhost xinetd[730]: EXIT: ftp pid=390 duration=3(sec)
Apr 8 15:50:53 localhost xinetd[730]: START: ftp pid=1129 from=211.152.16.10
Apr 8 15:51:01 localhost xinetd[730]: EXIT: ftp pid=1129 duration=8(sec)
Apr 8 20:31:33 localhost xinetd[730]: START: telnet pid=1941 from=211.22.232.82
Apr 8 23:39:32 localhost sshd[2479]: Did not receive identification string from 64.45.164.194.
Apr 9 06:11:20 localhost sshd[3978]: Did not receive identification string from 64.45.164.194.
Apr 9 07:43:45 localhost xinetd[730]: START: ftp pid=4238 from=80.14.212.122
Apr 9 07:43:45 localhost xinetd[730]: START: ftp pid=4239 from=80.14.212.122
Apr 9 07:44:06 localhost xinetd[730]: EXIT: ftp pid=4239 duration=21(sec)
Apr 9 07:44:06 localhost xinetd[730]: EXIT: ftp pid=4238 duration=21(sec)
Apr 9 08:33:07 localhost xinetd[730]: START: ftp pid=4385 from=207.93.59.136
Apr 9 08:33:18 localhost xinetd[730]: EXIT: ftp pid=4385 duration=11(sec)
Apr 9 13:28:34 localhost xinetd[730]: START: ftp pid=5236 from=211.54.99.91
Apr 9 13:28:48 localhost xinetd[730]: EXIT: ftp pid=5236 duration=14(sec)
Apr 9 13:33:02 localhost xinetd[730]: START: ftp pid=5251 from=12.251.46.103
Apr 9 13:33:12 localhost xinetd[730]: EXIT: ftp pid=5251 duration=10(sec)
Apr 10 05:23:54 localhost sshd[8346]: Did not receive identification string from 211.78.11.158.
Apr 10 08:18:48 localhost xinetd[730]: START: ftp pid=8859 from=217.128.160.193
Apr 10 08:18:48 localhost xinetd[730]: START: ftp pid=8860 from=217.128.160.193
Apr 10 08:19:22 localhost xinetd[730]: EXIT: ftp pid=8859 duration=34(sec)
Apr 10 08:19:22 localhost xinetd[730]: EXIT: ftp pid=8860 duration=34(sec)
Apr 10 10:09:58 localhost xinetd[730]: START: ftp pid=9182 from=80.13.26.216
Apr 10 10:10:18 localhost xinetd[730]: EXIT: ftp pid=9182 duration=20(sec)
Apr 10 16:53:14 localhost xinetd[730]: START: ftp pid=10343 from=200.23.87.34
Apr 10 16:53:15 localhost xinetd[10343]: USERID: ftp OTHER :root
Apr 10 16:53:15 localhost xinetd[730]: EXIT: ftp pid=10343 duration=1(sec)
Apr 10 18:22:26 localhost xinetd[730]: START: ftp pid=10606 from=213.46.44.142
Apr 10 18:22:41 localhost xinetd[730]: EXIT: ftp pid=10606 duration=15(sec)
Apr 11 00:50:23 localhost sshd[11722]: Did not receive identification string from 211.195.72.123.
Apr 11 07:09:05 localhost xinetd[730]: START: ftp pid=13172 from=61.81.117.82
Apr 11 07:09:09 localhost xinetd[730]: EXIT: ftp pid=13172 duration=4(sec)
Apr 11 07:15:35 localhost xinetd[730]: START: ftp pid=13193 from=61.81.117.82
Apr 11 07:15:40 localhost xinetd[730]: EXIT: ftp pid=13193 duration=5(sec)
Apr 11 12:11:46 localhost xinetd[730]: START: ftp pid=14049 from=213.68.110.250
Apr 11 12:26:56 localhost xinetd[730]: EXIT: ftp pid=14049 duration=910(sec)
Apr 12 01:59:57 localhost xinetd[730]: START: ftp pid=16426 from=217.184.67.46
Apr 12 02:00:28 localhost xinetd[730]: EXIT: ftp pid=16426 duration=31(sec)
Apr 12 03:12:10 localhost xinetd[730]: START: ftp pid=16646 from=217.229.79.10
Apr 12 03:12:14 localhost xinetd[730]: EXIT: ftp pid=16646 duration=4(sec)
Apr 12 07:26:53 localhost xinetd[730]: START: ftp pid=17732 from=80.132.113.200
Apr 12 07:27:23 localhost xinetd[730]: EXIT: ftp pid=17732 duration=30(sec)
Apr 12 09:56:07 localhost xinetd[730]: START: ftp pid=18160 from=210.90.53.250
Apr 12 09:56:07 localhost xinetd[730]: EXIT: ftp pid=18160 duration=0(sec)
Apr 12 15:23:54 localhost xinetd[730]: START: ftp pid=19110 from=211.192.202.114
Apr 12 15:25:12 localhost xinetd[730]: START: telnet pid=19116 from=211.192.202.114
Apr 12 15:37:43 localhost xinetd[730]: EXIT: ftp pid=19110 duration=829(sec)
Apr 12 21:04:36 localhost xinetd[730]: START: ftp pid=20150 from=62.212.98.149
Apr 12 21:05:06 localhost xinetd[730]: EXIT: ftp pid=20150 duration=30(sec)
Apr 12 21:32:34 localhost xinetd[730]: START: ftp pid=20228 from=217.225.73.156
Apr 12 21:32:41 localhost xinetd[730]: EXIT: ftp pid=20228 duration=7(sec)
Apr 12 22:44:37 localhost xinetd[730]: START: ftp pid=20433 from=213.17.157.218
Apr 12 22:44:39 localhost xinetd[20433]: USERID: ftp OTHER :root
Apr 12 22:44:39 localhost xinetd[730]: EXIT: ftp pid=20433 duration=2(sec)
Apr 12 22:50:20 localhost xinetd[730]: START: ftp pid=20454 from=213.17.157.218
Apr 12 22:50:21 localhost xinetd[20454]: USERID: ftp OTHER :root
Apr 12 22:50:22 localhost xinetd[730]: EXIT: ftp pid=20454 duration=2(sec)
Apr 12 22:50:42 localhost xinetd[730]: START: ftp pid=20455 from=213.17.157.218
Apr 12 22:50:58 localhost xinetd[20455]: USERID: ftp OTHER :root
Apr 12 22:51:00 localhost xinetd[730]: EXIT: ftp pid=20455 duration=18(sec)
Apr 13 02:12:57 localhost xinetd[730]: START: ftp pid=21044 from=211.238.91.206
Apr 13 02:13:01 localhost xinetd[730]: EXIT: ftp pid=21044 duration=4(sec)
Apr 13 06:23:07 localhost xinetd[730]: START: ftp pid=22118 from=80.13.158.109
Apr 13 06:23:24 localhost xinetd[730]: EXIT: ftp pid=22118 duration=17(sec)
Apr 13 07:40:43 localhost xinetd[730]: START: ftp pid=22341 from=217.83.205.19
Apr 13 07:41:13 localhost xinetd[730]: EXIT: ftp pid=22341 duration=30(sec)
Apr 13 08:27:57 localhost xinetd[730]: START: ftp pid=22478 from=217.128.164.224
Apr 13 08:28:27 localhost xinetd[730]: EXIT: ftp pid=22478 duration=30(sec)
Apr 13 11:04:55 localhost xinetd[730]: START: ftp pid=22935 from=211.243.27.9
Apr 13 11:04:57 localhost xinetd[730]: EXIT: ftp pid=22935 duration=2(sec)
Apr 13 19:30:40 localhost xinetd[730]: START: ftp pid=24413 from=192.118.6.21
Apr 13 19:30:44 localhost xinetd[730]: EXIT: ftp pid=24413 duration=4(sec)
Apr 14 04:01:09 localhost sshd[25890]: Did not receive identification string from 211.195.72.123.
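One way to summarise a log like the one in the post by source address, as an added example that is not part of the original post: it rejoins lines the terminal wrapped, pairs the xinetd START/EXIT/USERID lines by pid, and counts the sshd messages. The sample lines are constructed, and the review rule with its 300-second threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the secure.1 excerpt (documentation-range
# addresses, not the post's); the sshd line is wrapped at 80 columns as in the post.
SAMPLE = """\
Apr 7 11:31:47 localhost xinetd[730]: START: ftp pid=100 from=192.0.2.10
Apr 7 11:31:49 localhost xinetd[100]: USERID: ftp OTHER :root
Apr 7 11:31:51 localhost xinetd[730]: EXIT: ftp pid=100 duration=4(sec)
Apr 8 20:31:33 localhost xinetd[730]: START: telnet pid=102 from=198.51.100.7
Apr 8 23:39:32 localhost sshd[2479]: Did not receive identification string fro
m 203.0.113.5.
Apr 9 01:00:00 localhost xinetd[730]: START: ftp pid=103 from=198.51.100.7
Apr 9 01:15:10 localhost xinetd[730]: EXIT: ftp pid=103 duration=910(sec)
"""

TS = r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d "  # syslog timestamp at line start
START = re.compile(r"xinetd\[\d+\]: START: (\S+) pid=(\d+) from=([\d.]+)")
EXIT = re.compile(r"xinetd\[\d+\]: EXIT: \S+ pid=(\d+) duration=(\d+)\(sec\)")
USERID = re.compile(r"xinetd\[(\d+)\]: USERID: .*:(\S+)$")  # logged under the child pid
SSH = re.compile(r"identification string from\s*([\d.]+?)\.?\s*$")

def unwrap(text):
    """Rejoin terminal-wrapped lines: a newline not followed by a timestamp is a wrap."""
    return re.sub(r"\n(?!" + TS + ")", "", text.strip()).splitlines()

def summarize(text):
    """Per source address: services, connections, USERID values, longest session."""
    src = defaultdict(lambda: {"services": set(), "connections": 0,
                               "userids": set(), "max_duration": 0, "ssh_no_banner": 0})
    pid_ip = {}  # xinetd child pid -> source address, learned from START lines
    for line in unwrap(text):
        if m := START.search(line):
            pid_ip[m[2]] = m[3]
            src[m[3]]["services"].add(m[1])
            src[m[3]]["connections"] += 1
        elif (m := EXIT.search(line)) and m[1] in pid_ip:
            rec = src[pid_ip.pop(m[1])]
            rec["max_duration"] = max(rec["max_duration"], int(m[2]))
        elif (m := USERID.search(line)) and m[1] in pid_ip:
            src[pid_ip[m[1]]]["userids"].add(m[2])
        elif m := SSH.search(line):
            src[m[1]]["ssh_no_banner"] += 1
    return dict(src)

def needs_review(summary, long_session=300):
    """Assumed triage rule: several services from one address, or a long session."""
    return sorted(ip for ip, r in summary.items()
                  if len(r["services"]) > 1 or r["max_duration"] >= long_session)
```
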