åå ãããã¿ãªãããæºåãã¦ããã ããäºåå±ã®ã¿ãªããããã±ãã浸ãã®äºæ¥éã§ããããç²ãæ§ã§ãããããã¼ãªããå¤âæ·±å¤ã®ãã¬ã¼ã³å¤§ä¼ãå«ãã楽ããã£ãã§ããã¼ã麺ã¤ãªããã§ä¹å·ã®ãã»ãã¥è麦ãã¿ãããªæããã¨ã£ã¦ãè¯ãã£ãã§ããããã°ãããã¯ã°ãããã§ããã©ãã
いくつか説明を忘れていたことを書いておきます。
まず、途中でWebサーバーにアクセスできなくなっちゃったらしい件ですが、実はそのサーバーOSSECっていうホスト型IDSが入っているんですが、でこのIDSのアクティブレスポンス機能が動いて、一時的にアクセス拒否とかになっていたんだと思います。ログにはこんな感じの記録が残ってました。
Sat Sep 12 15:36:37 JST 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 192.168.11.18 1252737397.1434213 5706
Sat Sep 12 15:36:37 JST 2009 /var/ossec/active-response/bin/host-deny.sh add - 192.168.11.18 1252737397.1434213 5706
Sat Sep 12 15:37:31 JST 2009 /var/ossec/active-response/bin/host-deny.sh add - 192.168.11.110 1252737451.1434510 5706
Sat Sep 12 15:37:31 JST 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 192.168.11.110 1252737451.1434510 5706
Sat Sep 12 15:48:01 JST 2009 /var/ossec/active-response/bin/host-deny.sh delete - 192.168.11.18 1252737397.1434213 5706
Sat Sep 12 15:48:01 JST 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 192.168.11.18 1252737397.1434213 5706
Sat Sep 12 15:48:01 JST 2009 /var/ossec/active-response/bin/host-deny.sh delete - 192.168.11.110 1252737451.1434510 5706
Sat Sep 12 15:48:02 JST 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 192.168.11.110 1252737451.1434510 5706
ä¸ã®ã¤ãã¯active-responseã®ãã°ã§ãããä¸ã®ã¤ããalertã§ããã
Alert 1252737397.1433918: - syslog,sshd,recon,
2009 Sep 12 15:36:37 localhost->/var/log/secure
Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
Src IP: 192.168.11.18
User: (none)
Sep 12 15:36:36 localhost sshd[7068]: Did not receive identification string from 192.168.11.18
Alert 1252737451.1434213: - syslog,sshd,recon,
2009 Sep 12 15:37:31 localhost->/var/log/secure
Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
Src IP: 192.168.11.110
User: (none)
Sep 12 15:37:30 localhost sshd[7112]: Did not receive identification string from 192.168.11.110
ログはこれで全部じゃありませんが、似たようなパターンのものが多数残ってますね。
ポートスキャンに反応したのかな？
ルール設定を見てみると、上記のログは以下のルールに反応したっぽいですね。
5700 Did not receive identification string from SSH insecure connection attempt (scan). recon,
identification stringが送られてこなかった、ということらしいですね。サーバ
最近なんかトレンドマイクロなOSSECのページはこちら。
「いくつか」と書いておきながら一つだけでした～。ちょっと力尽き気味なのでここらへんです