數碼中文坊


A script is trying my host

Posted on 2005-8-24 22:46:18

This guy is from mainland China. For no good reason he wrote a script that keeps trying my host. Everyone, please block him!!

Wed 2005-08-24 18:16:12: ----------
Wed 2005-08-24 18:53:46: Session 990; child 1; thread 7692
Wed 2005-08-24 18:53:44: [990:1] Accepting SMTP connection from [218.79.86.158 : 1894]
Wed 2005-08-24 18:53:44: [990:1] Performing PTR lookup (158.86.79.218.IN-ADDR.ARPA)
Wed 2005-08-24 18:53:44: [990:1] * Error: Name server reports domain name unknown
Wed 2005-08-24 18:53:44: [990:1] ---- End PTR results
Wed 2005-08-24 18:53:44: [990:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Wed, 24 Aug 2005 18:53:44 +0800
Wed 2005-08-24 18:53:44: [990:1] <-- EHLO cfwater.com.tw
Wed 2005-08-24 18:53:44: [990:1] Performing IP lookup (cfwater.com.tw)
Wed 2005-08-24 18:53:44: [990:1] * D=cfwater.com.tw TTL=(1440) A=[211.21.191.230]
Wed 2005-08-24 18:53:44: [990:1] ---- End IP lookup results
Wed 2005-08-24 18:53:44: [990:1] --> 250-cfwater.com.tw Hello cfwater.com.tw (may be forged), pleased to meet you
Wed 2005-08-24 18:53:44: [990:1] --> 250-ETRN
Wed 2005-08-24 18:53:44: [990:1] --> 250-AUTH=LOGIN
Wed 2005-08-24 18:53:44: [990:1] --> 250-AUTH LOGIN CRAM-MD5
Wed 2005-08-24 18:53:44: [990:1] --> 250-8BITMIME
Wed 2005-08-24 18:53:44: [990:1] --> 250 SIZE 0
Wed 2005-08-24 18:53:44: [990:1] <-- MAIL FROM:<[email protected]>
Wed 2005-08-24 18:53:44: [990:1] Performing IP lookup (cfwater.com.tw)
Wed 2005-08-24 18:53:45: [990:1] * D=cfwater.com.tw TTL=(1440) A=[211.21.191.230]
Wed 2005-08-24 18:53:45: [990:1] * P=010 D=cfwater.com.tw TTL=(60) MX=[cfwater.com.tw] {211.21.191.230}
Wed 2005-08-24 18:53:45: [990:1] ---- End IP lookup results
Wed 2005-08-24 18:53:45: [990:1] --> 550 <[email protected]>, Sender unknown
Wed 2005-08-24 18:53:46: [990:1] Error reading from socket!
Wed 2005-08-24 18:53:46: [990:1] Unexpected socket closure
Wed 2005-08-24 18:53:46: [990:1] SMTP session terminated (Bytes in/out: 58/275)
Wed 2005-08-24 18:53:46: ----------
Wed 2005-08-24 18:53:47: Session 991; child 1; thread 7460
Wed 2005-08-24 18:53:46: [991:1] Accepting SMTP connection from [218.79.86.158 : 1895]
Wed 2005-08-24 18:53:46: [991:1] Performing PTR lookup (158.86.79.218.IN-ADDR.ARPA)
Wed 2005-08-24 18:53:46: [991:1] * Error: Name server reports domain name unknown
Wed 2005-08-24 18:53:46: [991:1] ---- End PTR results
Wed 2005-08-24 18:53:46: [991:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Wed, 24 Aug 2005 18:53:46 +0800
Wed 2005-08-24 18:53:46: [991:1] <-- EHLO cfwater.com.tw
Wed 2005-08-24 18:53:46: [991:1] Performing IP lookup (cfwater.com.tw)
Wed 2005-08-24 18:53:46: [991:1] * D=cfwater.com.tw TTL=(1440) A=[211.21.191.230]
Wed 2005-08-24 18:53:46: [991:1] ---- End IP lookup results
Wed 2005-08-24 18:53:46: [991:1] --> 250-cfwater.com.tw Hello cfwater.com.tw (may be forged), pleased to meet you
Wed 2005-08-24 18:53:46: [991:1] --> 250-ETRN
Wed 2005-08-24 18:53:46: [991:1] --> 250-AUTH=LOGIN
Wed 2005-08-24 18:53:46: [991:1] --> 250-AUTH LOGIN CRAM-MD5
Wed 2005-08-24 18:53:46: [991:1] --> 250-8BITMIME
Wed 2005-08-24 18:53:46: [991:1] --> 250 SIZE 0
Wed 2005-08-24 18:53:46: [991:1] <-- MAIL FROM:<[email protected]>
Wed 2005-08-24 18:53:46: [991:1] Performing IP lookup (cfwater.com.tw)
Wed 2005-08-24 18:53:47: [991:1] * D=cfwater.com.tw TTL=(1440) A=[211.21.191.230]
Wed 2005-08-24 18:53:47: [991:1] * P=010 D=cfwater.com.tw TTL=(60) MX=[cfwater.com.tw] {211.21.191.230}
Wed 2005-08-24 18:53:47: [991:1] ---- End IP lookup results
Wed 2005-08-24 18:53:47: [991:1] --> 550 <[email protected]>, Sender unknown
Wed 2005-08-24 18:53:47: [991:1] Error reading from socket!
Wed 2005-08-24 18:53:47: [991:1] Unexpected socket closure
Wed 2005-08-24 18:53:47: [991:1] SMTP session terminated (Bytes in/out: 58/275)
Original poster | Posted on 2005-8-26 16:39:59
This guy just won't give up. I blocked his IP, he switched to another IP, and he's back again!

Fri 2005-08-26 09:13:35: ----------
Fri 2005-08-26 09:15:42: Session 2328; child 1; thread 16516
Fri 2005-08-26 09:15:40: [2328:1] Accepting SMTP connection from [218.79.89.57 : 1727]
Fri 2005-08-26 09:15:40: [2328:1] Performing PTR lookup (57.89.79.218.IN-ADDR.ARPA)
Fri 2005-08-26 09:15:40: [2328:1] * Error: Name server reports domain name unknown
Fri 2005-08-26 09:15:40: [2328:1] ---- End PTR results
Fri 2005-08-26 09:15:40: [2328:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Fri, 26 Aug 2005 09:15:40 +0800
Fri 2005-08-26 09:15:41: [2328:1] <-- EHLO cfwater.com.tw
Fri 2005-08-26 09:15:41: [2328:1] Performing IP lookup (cfwater.com.tw)
Fri 2005-08-26 09:15:41: [2328:1] * D=cfwater.com.tw TTL=(1440) A=[211.21.191.230]
Fri 2005-08-26 09:15:41: [2328:1] ---- End IP lookup results
Fri 2005-08-26 09:15:41: [2328:1] --> 250-cfwater.com.tw Hello cfwater.com.tw (may be forged), pleased to meet you
Fri 2005-08-26 09:15:41: [2328:1] --> 250-ETRN
Fri 2005-08-26 09:15:41: [2328:1] --> 250-AUTH=LOGIN
Fri 2005-08-26 09:15:41: [2328:1] --> 250-AUTH LOGIN CRAM-MD5
Fri 2005-08-26 09:15:41: [2328:1] --> 250-8BITMIME
Fri 2005-08-26 09:15:41: [2328:1] --> 250 SIZE 0
Fri 2005-08-26 09:15:41: [2328:1] <-- MAIL FROM:<[email protected]>
Fri 2005-08-26 09:15:41: [2328:1] Performing IP lookup (cfwater.com.tw)
Fri 2005-08-26 09:15:41: [2328:1] * D=cfwater.com.tw TTL=(1440) A=[211.21.191.230]
Fri 2005-08-26 09:15:41: [2328:1] * P=010 D=cfwater.com.tw TTL=(60) MX=[cfwater.com.tw] {211.21.191.230}
Fri 2005-08-26 09:15:41: [2328:1] ---- End IP lookup results
Fri 2005-08-26 09:15:41: [2328:1] --> 550 <[email protected]>, Sender unknown
Fri 2005-08-26 09:15:42: [2328:1] Error reading from socket!
Fri 2005-08-26 09:15:42: [2328:1] Unexpected socket closure
Fri 2005-08-26 09:15:42: [2328:1] SMTP session terminated (Bytes in/out: 54/271)
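Posted on 2005-8-26 18:05:07
What you need to block is not the IP, but the host name cfwater.com.tw.
Original poster | Posted on 2005-8-26 22:43:36
This is my own host. If I block it, I won't receive any mail. Perhaps you don't understand what I'm trying to say?
This guy wrote a script that uses common administrator names, for example Administrator, Service and Register, the highest-privilege accounts or mailboxes that company network admins commonly use or are likely to have enabled, and then tries your host with them. Once a try succeeds, he can use brute-force password cracking to crack the password!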

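This is a technique crackers commonly use, especially with the Administrator account, which on most MS hosts is the highest-privilege user. If he finds it, the whole host is pretty much finished!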

P.S. On MS hosts it is Administrator, and on Linux hosts it is root. Both are the default highest-privilege accounts.

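And I only listed the MDaemon log, not the firewall log. This guy is trying almost every port I have open, especially Network Neighborhood!
Posted on 2005-8-28 22:06:10
It's not that I don't understand what you're trying to say, but whatever script he uses, isn't the host name he uses always cfwater.com.tw?
Take a look at this post: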
http://www.suma.tw/modules/ipboar...p?showtopic=258
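
The check suggested in the replies above (key on the forged host name instead of the source IP), as an added example that is not part of the original thread: it flags sessions in which the client's EHLO name equals the server's own banner name while the connecting IP is not an address that name resolves to. The sample log is constructed in the format of the quoted MDaemon lines using documentation addresses; the function names and the `trusted` list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (documentation names/addresses, not values from the thread).
SAMPLE_LOG = """\
Wed 2005-08-24 18:53:44: [990:1] Accepting SMTP connection from [192.0.2.158 : 1894]
Wed 2005-08-24 18:53:44: [990:1] --> 220 mail.example.com ESMTP MDaemon 8.1.1; Wed, 24 Aug 2005 18:53:44 +0800
Wed 2005-08-24 18:53:44: [990:1] <-- EHLO mail.example.com
Wed 2005-08-24 18:53:44: [990:1] * D=mail.example.com TTL=(1440) A=[198.51.100.230]
Fri 2005-08-26 09:15:40: [2328:1] Accepting SMTP connection from [192.0.2.57 : 1727]
Fri 2005-08-26 09:15:40: [2328:1] --> 220 mail.example.com ESMTP MDaemon 8.1.1; Fri, 26 Aug 2005 09:15:40 +0800
Fri 2005-08-26 09:15:41: [2328:1] <-- EHLO mail.example.com
Fri 2005-08-26 09:15:41: [2328:1] * D=mail.example.com TTL=(1440) A=[198.51.100.230]
Fri 2005-08-26 10:00:00: [2400:1] Accepting SMTP connection from [203.0.113.9 : 4000]
Fri 2005-08-26 10:00:00: [2400:1] --> 220 mail.example.com ESMTP MDaemon 8.1.1; Fri, 26 Aug 2005 10:00:00 +0800
Fri 2005-08-26 10:00:00: [2400:1] <-- EHLO relay.example.net
Fri 2005-08-26 10:00:00: [2400:1] * D=relay.example.net TTL=(300) A=[203.0.113.9]
"""

LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: \[(\d+):\d+\] (.*)$")
PATTERNS = {
    "client": re.compile(r"Accepting SMTP connection from \[([\d.]+) :"),
    "banner": re.compile(r"--> 220 (\S+) ESMTP"),
    "helo": re.compile(r"<-- (?:EHLO|HELO) (\S+)"),
    "a_rec": re.compile(r"\* D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]"),
}

def parse_sessions(log):
    """Group log lines by session id and pull out the fields of interest."""
    sessions = defaultdict(lambda: {"a": defaultdict(set)})
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # separators and "Session N; child ..." lines
        s, rest = sessions[m.group(1)], m.group(2)
        for key, pat in PATTERNS.items():
            hit = pat.search(rest)
            if hit and key == "a_rec":
                s["a"][hit.group(1).lower()].add(hit.group(2))
            elif hit:
                s[key] = hit.group(1).lower()
    return dict(sessions)

def forged_self_helo(sessions, trusted=("127.0.0.1",)):
    """Return (session, client_ip, helo) where a remote client claims our own name."""
    flagged = []
    for sid, s in sessions.items():
        helo, client = s.get("helo"), s.get("client")
        own_addrs = s["a"].get(helo, set()) | set(trusted)
        if helo and helo == s.get("banner") and client not in own_addrs:
            flagged.append((sid, client, helo))
    return flagged

if __name__ == "__main__":
    print(forged_self_helo(parse_sessions(SAMPLE_LOG)))
```

Both flagged sessions come from different source addresses, which is why a rule on the claimed host name keeps matching after the sender changes IP.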