Contents
http://apex.wind.co.jp/tetsuro/f-bsd/serial.html
Since around February 27, errors like

    Postfix SMTP server: errors from unknown[222.239.78.38]

have been coming in from servers all over the place. The content is:

    Transcript of session follows.
    Out: 220 mail.kuji-clinic.info ESMTP Postfix
    In: HELO mail.com
    Out: 250 mail.kuji-clinic.info
    In: AUTH LOGIN
    Out: 502 5.5.2 Error: command not recognized
    Session aborted, reason: lost connection

This looks like so-called unauthorized access: the messages are being sent in large volume from a host whose IP address can be reverse-resolved but which cannot be forward-resolved. So, rather than rejecting it on each server, I want to try stopping the packets at the router level. I connected a YAMAHA RT- to the RS-232C port of the FreeBSD box.

    cu -l cuad0 -s 9600      (-s 9600 is the default, so it can be omitted)
    Connected                <- press Return here; to exit, type "~."
    Password:
    RT105e Rev.6.03.15 (Mon Nov 25 09:53:28 2002)
    Copyright (c) 1994-2002 Yamaha Corporation.
    Copyright (c) 1991-1997 Regents of the University of California.
    Copyright (c) 1995-1996 Jean-loup Gailly and Mark Adler.
    Copyright (c) 1998-2000 Tokyo Institute of Technology.
    Copyright (c) 2000 Japan Advanced Institute of Science and Technology, HOKURIKU.
    00:a0:de:0f:43:fd, 00:a0:de:0f:43:fe
    Memory 16Mbytes, 2LAN
    > administrator
    Password:
    # console character euc
    # save
    セーブ中... 終了
http://www.rtpro.yamaha.co.jp/RT/
http://www.rtpro.yamaha.co.jp/RT/manual/Rev.6.02.14/users.pdf
    ip filter 10 reject 222.239.78.38 * * * *
    ip filter 11 reject-nolog 222.239.78.38 * udp * *
    ip filter 12 reject-nolog 222.239.78.38 * tcp * *
    ip filter 13 reject-nolog * 222.239.78.38 tcp * *
    ip filter 14 reject-nolog * 222.239.78.38 udp * *

I created filters such as these and, for now, set

    ip pp secure filter in 2 4 10 100
    ip pp secure filter out 2 4 100

Then, after a restart, the log shows:

    2009/02/28 16:01:33: PP[01] RECV LCP ProtRej in OPENED
    2009/02/28 16:01:33: c0 21 08 01 00 14 80 57 01 01 00 0e 01 0a 02 a0
    2009/02/28 16:01:33: de ff fe 0f 43 fd 00 00 00 00 00 00 00 00 00 00
    2009/02/28 16:01:33: 00 00 00 00 00 00 00 00
    2009/02/28 16:01:43: Login succeeded for Serial
    2009/02/28 16:01:50: 'administrator' succeeded for Serial user
    2009/02/28 16:05:31: Rejected directed broadcast: TCP 218.44.104.102:1947 > 218.44.228.159:445
    2009/02/28 16:05:37: same message repeated 1 times
    2009/02/28 16:05:37: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:39138 > 218.44.228.146:25
    2009/02/28 16:05:37: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:41672 > 218.44.228.158:25
    2009/02/28 16:05:37: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:57402 > 218.44.228.148:25
    2009/02/28 16:05:37: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:34211 > 218.44.228.150:25
    2009/02/28 16:05:40: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:39138 > 218.44.228.146:25
    2009/02/28 16:05:40: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:41672 > 218.44.228.158:25
    2009/02/28 16:05:40: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:57402 > 218.44.228.148:25
    2009/02/28 16:05:40: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:34211 > 218.44.228.150:25
    2009/02/28 16:05:46: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:39138 > 218.44.228.146:25
    2009/02/28 16:05:46: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:41672 > 218.44.228.158:25
    2009/02/28 16:05:46: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:57402 > 218.44.228.148:25
    2009/02/28 16:05:46: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:34211 > 218.44.228.150:25
    2009/02/28 16:06:04: Rejected directed broadcast: TCP 202.97.184.80:6000 > 218.44.228.144:2967
    2009/02/28 16:06:04: Rejected directed broadcast: TCP 202.97.184.80:6000 > 218.44.228.159:2967

And with that, things have gone quiet.
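
Added example (not part of the original post): a Python sketch that summarizes router log lines in the format shown above per filter number and source address, separating raw reject lines from distinct flows, since the same source port and destination are logged again on each retry. Treating "same message repeated N times" as N further hits of the immediately preceding line is an assumption, and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Line formats as they appear in the router log quoted above.
REJECT = re.compile(
    r"^\S+ \S+ \S+ Rejected at (?:IN|OUT)\((?P<filter>\d+)\) filter: "
    r"\S+ (?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+)$")
REPEAT = re.compile(r"^\S+ \S+ same message repeated (?P<n>\d+) times$")

# First six lines are copied from the log above; the last line is constructed
# to exercise the repeat handling.
SAMPLE = """\
2009/02/28 16:05:31: Rejected directed broadcast: TCP 218.44.104.102:1947 > 218.44.228.159:445
2009/02/28 16:05:37: same message repeated 1 times
2009/02/28 16:05:37: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:39138 > 218.44.228.146:25
2009/02/28 16:05:37: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:41672 > 218.44.228.158:25
2009/02/28 16:05:40: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:39138 > 218.44.228.146:25
2009/02/28 16:05:40: PP[01] Rejected at IN(10) filter: TCP 222.239.78.38:41672 > 218.44.228.158:25
2009/02/28 16:05:40: same message repeated 2 times
"""

def summarize(log_text):
    """Return {(filter_no, src_ip): {"hits", "flows", "dsts", "dports"}}."""
    stats = defaultdict(
        lambda: {"hits": 0, "flows": set(), "dsts": set(), "dports": set()})
    last = None  # key of the previous line if it was a filter reject
    for line in log_text.splitlines():
        line = line.strip()
        m = REJECT.match(line)
        if m:
            last = (int(m["filter"]), m["src"])
            s = stats[last]
            s["hits"] += 1
            s["flows"].add((m["sport"], m["dst"], m["dport"]))
            s["dsts"].add(m["dst"])
            s["dports"].add(int(m["dport"]))
            continue
        r = REPEAT.match(line)
        if r and last is not None:
            stats[last]["hits"] += int(r["n"])  # assumed: repeats the reject
        elif not r:
            last = None  # unrelated line; a later "repeated" is not a reject
    return dict(stats)

if __name__ == "__main__":
    for (flt, src), s in sorted(summarize(SAMPLE).items()):
        print(f"filter {flt} src {src}: {s['hits']} hits, "
              f"{len(s['flows'])} flows, {len(s['dsts'])} hosts, "
              f"ports {sorted(s['dports'])}")
```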