milwater
2001-08-05, 11:24 AM
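Help, everyone~
For the past few days someone has kept trying to plant a trojan on my server, and it's driving me crazy!
From past experience, even with LockDown2K as the firewall, getting broken into is only a matter of time..
Does anyone know a way to put a stop to this X behavior??
Below is the log file from August 4; the underscores are my own IP, which I've hidden..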
===========================================================================
** LockDown 2000 v7.0.0.6 - 星期六, 八月 4, 2001 - 10:08 PM 台北標準時間 **
:: Trojan network connectivity check enabled.
:: Auto Trojan scan is activated.
:: Nuke protection enabled.
:: ICQ Nuke protection enabled.
[2001/8/4 下午 10:09:12] System Area Change - Windows Directory - Rescanning
[2001/8/4 下午 10:09:42] Scan Complete.
[2001/8/4 下午 10:12:13] Incoming hack attempt from IP Address: 211.21.89.146
[2001/8/4 下午 10:12:13] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:12:13] Hacker's connection was terminated by Lockdown 2000.
[2001/8/4 下午 10:12:13] Log auto-saved to: 08042001.LOG
[2001/8/4 下午 10:12:27] Attempting to trace hacker's connection... Some traces may take a few minutes.
[2001/8/4 下午 10:12:27] =[Trace Route]=============================
1 <10 ms <10 ms <10 ms 211.21.__.__
2 60 ms 100 ms 121 ms 10.21.89.254
3 330 ms 1252 ms 881 ms 211.21.89.145
4 110 ms 1141 ms 621 ms 211.21.89.146
[= Trace Route Complete =]
[2001/8/4 下午 10:12:28] Incoming hack attempt from IP Address: 211.21.89.146
[2001/8/4 下午 10:12:28] Hacker is attempting to gain access using the BackOrifice 2000 trojan on port 54320.
[2001/8/4 下午 10:12:28] Hacker's connection was terminated by Lockdown 2000.
[2001/8/4 下午 10:12:28] Log auto-saved to: 08042001.LOG
[2001/8/4 下午 10:12:42] Attempting to trace hacker's connection... Some traces may take a few minutes.
[2001/8/4 下午 10:12:42] =[Trace Route]=============================
1 <10 ms <10 ms <10 ms 211.21.__.__
2 50 ms 70 ms 70 ms 10.21.89.254
3 100 ms 100 ms 100 ms 211.21.89.145
4 171 ms * 420 ms 211.21.89.146
[= Trace Route Complete =]
[2001/8/4 下午 10:32:39] Incoming hack attempt from IP Address: 212.83.119.105
[2001/8/4 下午 10:32:39] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:32:39] Hacker's connection was terminated by Lockdown 2000.
[2001/8/4 下午 10:32:39] Log auto-saved to: 08042001.LOG
[2001/8/4 下午 10:33:25] Attempting to trace hacker's connection... Some traces may take a few minutes.
[2001/8/4 下午 10:33:25] =[Trace Route]=============================
1 <10 ms <10 ms <10 ms 211.21.__.__
2 61 ms 60 ms 60 ms 10.21.89.254
3 50 ms 60 ms 60 ms 168.95.84.122
4 50 ms 50 ms 50 ms 211.22.36.2
5 50 ms 50 ms 61 ms 168.95.207.26
6 50 ms 50 ms 50 ms 211.22.33.131
7 200 ms 200 ms 200 ms 202.39.91.1
8 210 ms 200 ms 210 ms 157.130.197.97
9 200 ms 200 ms 200 ms 152.63.53.14
10 200 ms 210 ms 200 ms 152.63.49.210
11 200 ms 210 ms 201 ms 152.63.50.189
12 200 ms 210 ms 201 ms 205.171.4.97
13 200 ms 210 ms 201 ms 205.171.22.118
14 200 ms 210 ms 211 ms 205.171.5.123
15 270 ms 271 ms 270 ms 205.171.5.113
16 260 ms 271 ms 260 ms 205.171.30.14
17 261 ms 270 ms 270 ms 205.171.30.142
18 351 ms 360 ms 361 ms 134.222.231.73
19 360 ms 351 ms 350 ms 134.222.230.110
20 371 ms 380 ms 391 ms 134.222.230.150
21 380 ms 391 ms 391 ms 134.222.119.233
22 381 ms 391 ms 380 ms 212.226.242.106
23 381 ms 390 ms 391 ms 212.226.242.98
24 390 ms 401 ms 400 ms 193.65.231.90
25 391 ms 400 ms 401 ms 212.83.96.169
26 400 ms 401 ms 400 ms 212.83.119.2
27 531 ms 511 ms 511 ms 212.83.119.105
[= Trace Route Complete =]
[2001/8/4 下午 10:34:33] Incoming hack attempt from IP Address: 212.83.119.105
[2001/8/4 下午 10:34:33] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:34:33] Hacker's connection was terminated by Lockdown 2000.
[2001/8/4 下午 10:34:33] Log auto-saved to: 08042001.LOG
[2001/8/4 下午 10:35:18] Attempting to trace hacker's connection... Some traces may take a few minutes.
[2001/8/4 下午 10:35:18] =[Trace Route]=============================
1 <10 ms <10 ms <10 ms 211.21.__.__
2 50 ms 61 ms 70 ms 10.21.89.254
3 50 ms 50 ms 50 ms 168.95.84.122
4 50 ms 60 ms 60 ms 211.22.36.2
5 50 ms 60 ms 50 ms 168.95.207.26
6 50 ms 60 ms 60 ms 211.22.33.131
7 201 ms 200 ms 200 ms 202.39.91.1
8 201 ms 200 ms 210 ms 157.130.197.97
9 201 ms 210 ms 200 ms 152.63.53.14
10 201 ms 210 ms 200 ms 152.63.49.210
11 201 ms 200 ms 200 ms 152.63.50.189
12 210 ms 210 ms 200 ms 205.171.4.97
13 200 ms 210 ms 210 ms 205.171.22.118
14 200 ms 200 ms 211 ms 205.171.5.123
15 270 ms 270 ms 271 ms 205.171.5.113
16 260 ms 271 ms 280 ms 205.171.30.14
17 260 ms 271 ms 270 ms 205.171.30.142
18 351 ms 360 ms 361 ms 134.222.231.73
19 360 ms 351 ms 370 ms 134.222.230.110
20 381 ms 380 ms 381 ms 134.222.230.150
21 380 ms 391 ms 380 ms 134.222.119.233
22 381 ms 390 ms 391 ms 212.226.242.106
23 380 ms 391 ms 381 ms 212.226.242.98
24 391 ms 401 ms 390 ms 193.65.231.90
25 401 ms 390 ms 401 ms 212.83.96.169
26 400 ms 411 ms 400 ms 212.83.119.2
27 491 ms 521 ms 510 ms 212.83.119.105
[= Trace Route Complete =]
[2001/8/4 下午 10:39:39] Incoming hack attempt from IP Address: 212.83.119.105
[2001/8/4 下午 10:39:39] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:39:39] Hacker's connection was terminated by Lockdown 2000.
[2001/8/4 下午 10:39:39] Log auto-saved to: 08042001.LOG
[2001/8/4 下午 10:40:24] Attempting to trace hacker's connection... Some traces may take a few minutes.
[2001/8/4 下午 10:40:24] =[Trace Route]=============================
1 <10 ms <10 ms <10 ms 211.21.__.__
2 60 ms 70 ms 60 ms 10.21.89.254
3 50 ms 60 ms 50 ms 168.95.84.122
4 50 ms 60 ms 50 ms 211.22.36.2
5 50 ms 60 ms 60 ms 168.95.207.26
6 51 ms 50 ms 60 ms 211.22.33.131
7 200 ms 201 ms 200 ms 202.39.91.1
8 210 ms 201 ms 210 ms 157.130.197.97
9 200 ms 211 ms 200 ms 152.63.53.14
10 200 ms 201 ms 200 ms 152.63.49.210
11 200 ms 201 ms 200 ms 152.63.50.189
12 200 ms 201 ms 210 ms 205.171.4.97
13 200 ms 211 ms 200 ms 205.171.22.118
14 201 ms 210 ms 200 ms 205.171.5.123
15 271 ms 270 ms 270 ms 205.171.5.113
16 260 ms 270 ms 261 ms 205.171.30.14
17 260 ms 271 ms 270 ms 205.171.30.142
18 350 ms 361 ms 360 ms 134.222.231.73
19 351 ms 360 ms 371 ms 134.222.230.110
20 370 ms 381 ms 380 ms 134.222.230.150
21 381 ms 380 ms 391 ms 134.222.119.233
22 380 ms 391 ms 391 ms 212.226.242.106
23 381 ms 391 ms 390 ms 212.226.242.98
24 391 ms 400 ms 391 ms 193.65.231.90
25 390 ms 401 ms 400 ms 212.83.96.169
26 401 ms 400 ms 401 ms 212.83.119.2
27 621 ms 540 ms 511 ms 212.83.119.105
===========================================================================
:eek: T_T
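An added example, not part of the original post: one way to condense a LockDown 2000 log like the one above into a per-source summary for triage or an abuse report to the source's ISP. The alert lines are copied from the post's log (trace-route output omitted); the function names `to_24h` and `summarize` are this example's own.

```python
import re
from collections import OrderedDict

# Alert lines copied from the LockDown 2000 log in the post (trace-route output omitted).
SAMPLE_LOG = """\
[2001/8/4 下午 10:12:13] Incoming hack attempt from IP Address: 211.21.89.146
[2001/8/4 下午 10:12:13] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:12:13] Hacker's connection was terminated by Lockdown 2000.
[2001/8/4 下午 10:12:28] Incoming hack attempt from IP Address: 211.21.89.146
[2001/8/4 下午 10:12:28] Hacker is attempting to gain access using the BackOrifice 2000 trojan on port 54320.
[2001/8/4 下午 10:32:39] Incoming hack attempt from IP Address: 212.83.119.105
[2001/8/4 下午 10:32:39] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:34:33] Incoming hack attempt from IP Address: 212.83.119.105
[2001/8/4 下午 10:34:33] Hacker is attempting to gain access using the Netbus trojan on port 12345.
[2001/8/4 下午 10:39:39] Incoming hack attempt from IP Address: 212.83.119.105
[2001/8/4 下午 10:39:39] Hacker is attempting to gain access using the Netbus trojan on port 12345.
"""

STAMP = r"\[(?P<date>\d{4}/\d{1,2}/\d{1,2}) (?P<ampm>上午|下午) (?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2})\] "
SRC_RE = re.compile(STAMP + r"Incoming hack attempt from IP Address: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")
PROBE_RE = re.compile(STAMP + r"Hacker is attempting to gain access using the (?P<name>.+) trojan on port (?P<port>\d+)\.$")

def to_24h(m):
    """Convert the localized 12-hour stamp (上午 = AM, 下午 = PM) to 24-hour time."""
    h = int(m["h"]) % 12 + (12 if m["ampm"] == "下午" else 0)
    return f"{m['date']} {h:02d}:{m['m']}:{m['s']}"

def summarize(log_text):
    """Group alerts by (source IP, trojan name, port); keep count, first and last time."""
    summary, pending_ip = OrderedDict(), None
    for line in log_text.splitlines():
        line = line.strip()
        if (m := SRC_RE.match(line)):
            pending_ip = m["ip"]  # the source line precedes the trojan/port line
        elif (m := PROBE_RE.match(line)) and pending_ip:
            key = (pending_ip, m["name"], int(m["port"]))
            rec = summary.setdefault(key, {"count": 0, "first": to_24h(m), "last": None})
            rec["count"] += 1
            rec["last"] = to_24h(m)
            pending_ip = None
    return summary

if __name__ == "__main__":
    for (ip, name, port), rec in summarize(SAMPLE_LOG).items():
        print(f"{ip:16} {name:18} port {port:<6} x{rec['count']}  {rec['first']} .. {rec['last']}")
```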