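[Debug] What caused BrazilFW's outbound connection to go down?
Sorry, the log below is a bit long, because I don't know which part matters...
Tonight I found I couldn't open web pages, so I connected to the BrazilFW host
and looked at the system log, where I saw what seem to be messages about failed
remote attempts at the root password,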
---
Jan 14 07:21:52 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
---
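AVALON is the hostname of my BrazilFW machine; its IP is 192.168.1.1.
It connects to the modem and two wireless access points, Fate 192.168.1.3 (DHCP server disabled)
and Nanoha 192.168.1.2 (DHCP server disabled).
AVALON hands out internal IPs from 192.168.1.10 to 192.168.1.99.
At first I thought the outbound connection went down because of an attack, but looking
more closely, after it tried the root password a few times and failed, the IP should
have been temporarily banned, right?
So that shouldn't be why the connection went down, and it doesn't really count as an attack.
Later I rebooted and redialed and the connection came back. Can the cause of the outage
be seen from this log? Or has something already gone wrong somewhere? Thanks <(_ _)>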
----------------------log↓-----------------------------------------
Jan 14 04:31:10 AVALON daemon.info thttpd[1550]: timers - 3 allocated, 3
active, 0 free
Jan 14 04:31:11 AVALON daemon.info thttpd[1629]: up 2930400 seconds, stats
for 3600 seconds:
Jan 14 04:31:11 AVALON daemon.info thttpd[1629]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 3 httpd_conns allocated
Jan 14 04:31:11 AVALON daemon.info thttpd[1629]: libhttpd - 48 strings
allocated, 13850
bytes (288.542 bytes/str)
Jan 14 04:31:11 AVALON daemon.info thttpd[1629]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 04:31:11 AVALON daemon.info thttpd[1629]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 04:31:11 AVALON daemon.info thttpd[1629]: timers - 3 allocated, 3
active, 0 free
Jan 14 05:31:10 AVALON daemon.info thttpd[1550]: up 2934000 seconds, stats
for 3600 seconds:
Jan 14 05:31:10 AVALON daemon.info thttpd[1550]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 0 httpd_conns allocated
Jan 14 05:31:10 AVALON daemon.info thttpd[1550]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 05:31:10 AVALON daemon.info thttpd[1550]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 05:31:10 AVALON daemon.info thttpd[1550]: timers - 3 allocated, 3
active, 0 free
Jan 14 05:31:11 AVALON daemon.info thttpd[1629]: up 2934000 seconds, stats
for 3600 seconds:
Jan 14 05:31:11 AVALON daemon.info thttpd[1629]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 3 httpd_conns allocated
Jan 14 05:31:11 AVALON daemon.info thttpd[1629]: libhttpd - 48 strings
allocated, 13850
bytes (288.542 bytes/str)
Jan 14 05:31:11 AVALON daemon.info thttpd[1629]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 05:31:11 AVALON daemon.info thttpd[1629]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 05:31:11 AVALON daemon.info thttpd[1629]: timers - 3 allocated, 3
active, 0 free
Jan 14 06:31:10 AVALON daemon.info thttpd[1550]: up 2937600 seconds, stats
for 3600 seconds:
Jan 14 06:31:10 AVALON daemon.info thttpd[1550]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 0 httpd_conns allocated
Jan 14 06:31:10 AVALON daemon.info thttpd[1550]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 06:31:10 AVALON daemon.info thttpd[1550]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 06:31:10 AVALON daemon.info thttpd[1550]: timers - 3 allocated, 3
active, 0 free
Jan 14 06:31:11 AVALON daemon.info thttpd[1629]: up 2937600 seconds, stats
for 3600 seconds:
Jan 14 06:31:11 AVALON daemon.info thttpd[1629]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 3 httpd_conns allocated
Jan 14 06:31:11 AVALON daemon.info thttpd[1629]: libhttpd - 48 strings
allocated, 13850
bytes (288.542 bytes/str)
Jan 14 06:31:11 AVALON daemon.info thttpd[1629]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 06:31:11 AVALON daemon.info thttpd[1629]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 06:31:11 AVALON daemon.info thttpd[1629]: timers - 3 allocated, 3
active, 0 free
Jan 14 07:21:38 AVALON authpriv.info dropbear[12397]: Child connection from
41.196.72.68:4857
Jan 14 07:21:39 AVALON authpriv.info dropbear[12397]: exit before auth:
Exited normally
Jan 14 07:21:45 AVALON authpriv.info dropbear[12398]: Child connection from
41.196.72.68:2067
Jan 14 07:21:52 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:53 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:54 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:54 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:55 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:56 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:57 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:57 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:58 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:59 AVALON authpriv.warn dropbear[12398]: bad password attempt
for 'root' from
41.196.72.68:2067
Jan 14 07:21:59 AVALON authpriv.info dropbear[12398]: exit before auth (user
'root', 10
fails): Max auth tries reached - user 'root' from 41.196.72.68:2067
Jan 14 07:22:00 AVALON authpriv.info dropbear[12420]: Child connection from
41.196.72.68:2337
Jan 14 07:22:06 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:06 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:07 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:08 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:08 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:09 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:09 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:10 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:11 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:11 AVALON authpriv.warn dropbear[12420]: bad password attempt
for 'root' from
41.196.72.68:2337
Jan 14 07:22:12 AVALON authpriv.info dropbear[12420]: exit before auth (user
'root', 10
fails): Max auth tries reached - user 'root' from 41.196.72.68:2337
Jan 14 07:22:13 AVALON authpriv.info dropbear[12421]: Child connection from
41.196.72.68:2598
Jan 14 07:22:18 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:19 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:20 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:21 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:21 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:22 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:23 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:23 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:24 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:25 AVALON authpriv.warn dropbear[12421]: bad password attempt
for 'root' from
41.196.72.68:2598
Jan 14 07:22:25 AVALON authpriv.info dropbear[12421]: exit before auth (user
'root', 10
fails): Max auth tries reached - user 'root' from 41.196.72.68:2598
Jan 14 07:31:10 AVALON daemon.info thttpd[1550]: up 2941200 seconds, stats
for 3600 seconds:
Jan 14 07:31:10 AVALON daemon.info thttpd[1550]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 0 httpd_conns allocated
Jan 14 07:31:10 AVALON daemon.info thttpd[1550]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 07:31:10 AVALON daemon.info thttpd[1550]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 07:31:10 AVALON daemon.info thttpd[1550]: timers - 3 allocated, 3
active, 0 free
Jan 14 07:31:11 AVALON daemon.info thttpd[1629]: up 2941200 seconds, stats
for 3600 seconds:
Jan 14 07:31:11 AVALON daemon.info thttpd[1629]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 3 httpd_conns allocated
Jan 14 07:31:11 AVALON daemon.info thttpd[1629]: libhttpd - 48 strings
allocated, 13850
bytes (288.542 bytes/str)
Jan 14 07:31:11 AVALON daemon.info thttpd[1629]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 07:31:11 AVALON daemon.info thttpd[1629]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 07:31:11 AVALON daemon.info thttpd[1629]: timers - 3 allocated, 3
active, 0 free
Jan 14 07:49:07 AVALON authpriv.info dropbear[13094]: Child connection from
116.74.105.2:57198
Jan 14 07:49:07 AVALON authpriv.info dropbear[13094]: exit before auth:
Exited normally
Jan 14 07:53:55 AVALON authpriv.info dropbear[13221]: Child connection from
116.74.105.2:36904
Jan 14 07:53:55 AVALON authpriv.info dropbear[13221]: exit before auth:
Disconnect received
Jan 14 07:58:47 AVALON authpriv.info dropbear[13348]: Child connection from
62.2.243.37:45616
Jan 14 07:58:48 AVALON authpriv.info dropbear[13348]: exit before auth:
Exited normally
Jan 14 08:04:11 AVALON authpriv.info dropbear[13475]: Child connection from
62.2.243.37:57876
Jan 14 08:04:12 AVALON authpriv.info dropbear[13475]: exit before auth:
Disconnect received
Jan 14 08:31:10 AVALON daemon.info thttpd[1550]: up 2944800 seconds, stats
for 3600 seconds:
Jan 14 08:31:10 AVALON daemon.info thttpd[1550]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 0 httpd_conns allocated
Jan 14 08:31:10 AVALON daemon.info thttpd[1550]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 08:31:10 AVALON daemon.info thttpd[1550]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 08:31:10 AVALON daemon.info thttpd[1550]: timers - 3 allocated, 3
active, 0 free
Jan 14 08:31:11 AVALON daemon.info thttpd[1629]: up 2944800 seconds, stats
for 3600 seconds:
Jan 14 08:31:11 AVALON daemon.info thttpd[1629]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 3 httpd_conns allocated
Jan 14 08:31:11 AVALON daemon.info thttpd[1629]: libhttpd - 48 strings
allocated, 13850
bytes (288.542 bytes/str)
Jan 14 08:31:11 AVALON daemon.info thttpd[1629]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 08:31:11 AVALON daemon.info thttpd[1629]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 08:31:11 AVALON daemon.info thttpd[1629]: timers - 3 allocated, 3
active, 0 free
Jan 14 09:31:10 AVALON daemon.info thttpd[1550]: up 2948400 seconds, stats
for 3600 seconds:
Jan 14 09:31:10 AVALON daemon.info thttpd[1550]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 0 httpd_conns allocated
Jan 14 09:31:10 AVALON daemon.info thttpd[1550]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 09:31:10 AVALON daemon.info thttpd[1550]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 09:31:10 AVALON daemon.info thttpd[1550]: timers - 3 allocated, 3
active, 0 free
Jan 14 09:31:11 AVALON daemon.info thttpd[1629]: up 2948400 seconds, stats
for 3600 seconds:
Jan 14 09:31:11 AVALON daemon.info thttpd[1629]: thttpd - 0 connections
(0/sec), 0 max
simultaneous, 0 bytes (0/sec), 3 httpd_conns allocated
Jan 14 09:31:11 AVALON daemon.info thttpd[1629]: libhttpd - 48 strings
allocated, 13850
bytes (288.542 bytes/str)
Jan 14 09:31:11 AVALON daemon.info thttpd[1629]: map cache - 0 allocated, 0
active (0
bytes), 0 free; hash size: 0; expire age: 1800
Jan 14 09:31:11 AVALON daemon.info thttpd[1629]: fdwatch - 730 polls
(0.202778/sec)
Jan 14 09:31:11 AVALON daemon.info thttpd[1629]: timers - 3 allocated, 3
active, 0 free
Jan 14 10:06:09 AVALON daemon.info dnsmasq[1050]: DHCPDISCOVER(eth0)
00:0c:43:a1:03:61
Jan 14 10:06:09 AVALON daemon.info dnsmasq[1050]: DHCPOFFER(eth0)
192.168.1.40
00:0c:43:a1:03:61
Jan 14 10:06:09 AVALON daemon.info dnsmasq[1050]: DHCPREQUEST(eth0)
192.168.1.40
00:0c:43:a1:03:61
Jan 14 10:06:09 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.40
00:0c:43:a1:03:61 Soul
Jan 14 10:06:12 AVALON daemon.info dnsmasq[1050]: DHCPINFORM(eth0)
192.168.1.40
00:0c:43:a1:03:61
Jan 14 10:06:12 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.40
00:0c:43:a1:03:61 Soul
Jan 14 10:06:38 AVALON daemon.info dnsmasq[1050]: DHCPDISCOVER(eth0)
192.168.173.100
00:24:23:07:20:56
Jan 14 10:06:38 AVALON daemon.info dnsmasq[1050]: DHCPOFFER(eth0)
192.168.1.58
00:24:23:07:20:56
Jan 14 10:06:39 AVALON daemon.info dnsmasq[1050]: DHCPDISCOVER(eth0)
192.168.173.100
00:24:23:07:20:56
Jan 14 10:06:39 AVALON daemon.info dnsmasq[1050]: DHCPOFFER(eth0)
192.168.1.58
00:24:23:07:20:56
Jan 14 10:06:40 AVALON daemon.info dnsmasq[1050]: DHCPREQUEST(eth0)
192.168.1.58
00:24:23:07:20:56
Jan 14 10:06:40 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.58
00:24:23:07:20:56 RCCA-DIEGO-NB
Jan 14 10:06:51 AVALON daemon.info dnsmasq[1050]: DHCPINFORM(eth0)
192.168.1.58
00:24:23:07:20:56
Jan 14 10:06:51 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.58
00:24:23:07:20:56 RCCA-DIEGO-NB
Jan 14 10:07:36 AVALON daemon.info dnsmasq[1050]: DHCPINFORM(eth0)
192.168.1.40
00:0c:43:a1:03:61
Jan 14 10:07:36 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.40
00:0c:43:a1:03:61 Soul
Jan 14 10:09:01 AVALON daemon.info dnsmasq[1050]: DHCPINFORM(eth0)
192.168.1.40
00:0c:43:a1:03:61
Jan 14 10:09:01 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.40
00:0c:43:a1:03:61 Soul
Jan 14 10:09:24 AVALON daemon.info dnsmasq[1050]: DHCPDISCOVER(eth0)
169.254.113.179
00:26:18:7e:b5:73
Jan 14 10:09:24 AVALON daemon.info dnsmasq[1050]: DHCPOFFER(eth0)
192.168.1.22
00:26:18:7e:b5:73
Jan 14 10:09:24 AVALON daemon.info dnsmasq[1050]: DHCPREQUEST(eth0)
192.168.1.22
00:26:18:7e:b5:73
Jan 14 10:09:24 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.22
00:26:18:7e:b5:73 RCCA-DIEGO-NB
Jan 14 10:10:11 AVALON daemon.info thttpd[1629]: spawned CGI process 16647
for file 'cgi-
bin/diags.cgi'
Jan 14 10:10:11 AVALON daemon.info thttpd[1629]: spawned CGI process 16648
for file 'cgi-
bin/index.cgi'
Jan 14 10:10:25 AVALON daemon.info dnsmasq[1050]: DHCPINFORM(eth0)
192.168.1.40
00:0c:43:a1:03:61
Jan 14 10:10:25 AVALON daemon.info dnsmasq[1050]: DHCPACK(eth0) 192.168.1.40
00:0c:43:a1:03:61 Soul
Jan 14 10:10:25 AVALON daemon.info thttpd[1629]: spawned CGI process 17082
for file 'cgi-
bin/index.cgi'
Jan 14 10:10:31 AVALON daemon.info thttpd[1629]: spawned CGI process 17438
for file 'cgi-
bin/hangup-ppp.cgi'
Jan 14 10:10:31 AVALON daemon.info pppd[25495]: Terminating on signal 15.
Jan 14 10:10:31 AVALON daemon.warn pppd[25495]: Child process pppoe -I eth2
-m 1452 (pid
23357) terminated with signal 15
Jan 14 10:10:31 AVALON daemon.info ip-down: ip-down script called with: ppp0
38400
114.24.0.101 168.95.98.254
Jan 14 10:10:31 AVALON daemon.notice pppd[25495]: Connection terminated.
Jan 14 10:10:31 AVALON daemon.info pppd[25495]: Connect time 960.2 minutes.
Jan 14 10:10:31 AVALON daemon.info pppd[25495]: Sent 6681060 bytes, received
78820996 bytes.
Jan 14 10:10:31 AVALON daemon.err pppoe[23358]: read (asyncReadFromPPP):
Session 4289:
Input/output error
Jan 14 10:10:31 AVALON daemon.info pppoe[23358]: Sent PADT
Jan 14 10:10:31 AVALON daemon.info dnsmasq[1050]: read /etc/hosts - 2
addresses
Jan 14 10:10:31 AVALON daemon.info pppd[25495]: Connect time 960.2 minutes.
Jan 14 10:10:31 AVALON daemon.info pppd[25495]: Sent 6681060 bytes, received
78820996 bytes.
Jan 14 10:10:31 AVALON daemon.info pppd[25495]: Exit.
--
※ Posted from: PTT (ptt.cc)
◆ From: 111.248.48.118
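Added example, not part of the original post: one way to triage a log in this layout is to rejoin the wrapped records, count dropbear events per source address, and pull out the records that mark a PPP teardown. The sample lines, PIDs and the address 203.0.113.7 are constructed, and matching "auth succeeded" assumes dropbear's usual success message.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog layout as the post, including its
# hard line wraps. 203.0.113.7 is a documentation address, not from the post.
SAMPLE = """\
Jan 14 07:21:52 AVALON authpriv.warn dropbear[100]: bad password attempt
for 'root' from
203.0.113.7:2067
Jan 14 07:21:53 AVALON authpriv.warn dropbear[100]: bad password attempt
for 'root' from
203.0.113.7:2067
Jan 14 07:21:59 AVALON authpriv.info dropbear[100]: exit before auth (user
'root', 2
fails): Max auth tries reached - user 'root' from 203.0.113.7:2067
Jan 14 10:10:31 AVALON daemon.info thttpd[200]: spawned CGI process 300
for file 'cgi-
bin/hangup-ppp.cgi'
Jan 14 10:10:31 AVALON daemon.info pppd[400]: Terminating on signal 15.
""".splitlines()

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SRC = re.compile(r"from (\d+\.\d+\.\d+\.\d+):\d+")

def unwrap(lines):
    """Rejoin wrapped records: a line without a timestamp continues the last."""
    out = []
    for line in lines:
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:  # a wrap inside 'cgi-' + 'bin/...' needs no space
            out[-1] += ("" if out[-1].endswith("-") else " ") + line.strip()
    return out

def summarize(lines):
    """Per-source SSH counters plus the records that explain a PPP drop."""
    ssh = defaultdict(lambda: {"failed": 0, "lockouts": 0, "logins": 0})
    link = []
    for rec in unwrap(lines):
        m = SRC.search(rec)
        if "dropbear[" in rec and m:
            ip = ssh[m.group(1)]
            ip["failed"] += "bad password attempt" in rec
            ip["lockouts"] += "Max auth tries reached" in rec
            ip["logins"] += "auth succeeded" in rec  # assumed success text
        elif ("pppd[" in rec and "Terminating" in rec) or "hangup-ppp.cgi" in rec:
            link.append(rec[:15] + " " + rec.split(": ", 1)[1])
    return dict(ssh), link
```

A non-zero `logins` count for an unfamiliar address is the item to act on; the `link` list places any PPP teardown in time relative to the SSH activity.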