UJP - Tech Info 2: Creating a page using YAMAHA/RTX/vpndrop as a template
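*Blocking unauthorized VPN access from China on the Yamaha RTX1100
**Introduction
My Yamaha RTX1100 VPN router had rebooted, so I looked into the cause...
**Investigating from syslog
The VPN uses PPTP, which uses port 1723 with GRE, so...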
pp1# show log|grep 1723
2015/10/16 04:12:41: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:41: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:42: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:42: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:44: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:44: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:45: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:45: PP[01] Passed at IN(2009) filter: T...
2015/10/16 04:12:45: PP[01] Passed at IN(2009) filter: T...
2015/10/16 09:26:34: PP[01] Passed at IN(2009) filter: T...
2015/10/16 09:26:37: PP[01] Passed at IN(2009) filter: T...
2015/10/16 09:26:37: PP[01] Passed at IN(2009) filter: T...
2015/10/16 09:26:38: PP[01] Passed at IN(2009) filter: T...
2015/10/16 14:40:23: PP[01] Passed at IN(2009) filter: T...
2015/10/16 14:40:24: PP[01] Passed at IN(2009) filter: T...
2015/10/16 14:40:24: PP[01] Passed at IN(2009) filter: T...
2015/10/16 14:40:24: PP[01] Passed at IN(2009) filter: T...
2015/10/16 14:40:25: PP[01] Passed at IN(2009) filter: T...
2015/10/16 14:40:25: PP[01] Passed at IN(2009) filter: T...
2015/10/17 01:08:17: PP[01] Passed at IN(2009) filter: T...
2015/10/17 01:08:19: PP[01] Passed at IN(2009) filter: T...
2015/10/17 01:08:20: PP[01] Passed at IN(2009) filter: T...
2015/10/17 01:08:20: PP[01] Passed at IN(2009) filter: T...
2015/10/17 06:22:03: PP[01] Passed at IN(2009) filter: T...
2015/10/17 06:22:04: PP[01] Passed at IN(2009) filter: T...
2015/10/17 06:22:05: PP[01] Passed at IN(2009) filter: T...
2015/10/17 06:22:05: PP[01] Passed at IN(2009) filter: T...
2015/10/17 11:35:50: PP[01] Passed at IN(2009) filter: T...
2015/10/17 11:35:50: PP[01] Passed at IN(2009) filter: T...
2015/10/17 11:35:50: PP[01] Passed at IN(2009) filter: T...
2015/10/17 11:35:51: PP[01] Passed at IN(2009) filter: T...
2015/10/17 11:35:51: PP[01] Passed at IN(2009) filter: T...
2015/10/17 11:35:51: PP[01] Passed at IN(2009) filter: T...
2015/10/17 16:49:52: PP[01] Passed at IN(2009) filter: T...
2015/10/17 16:49:53: PP[01] Passed at IN(2009) filter: T...
2015/10/17 16:49:53: PP[01] Passed at IN(2009) filter: T...
2015/10/17 16:49:53: PP[01] Passed at IN(2009) filter: T...
2015/10/17 16:49:54: PP[01] Passed at IN(2009) filter: T...
2015/10/17 16:49:54: PP[01] Passed at IN(2009) filter: T...
pp1#
This shows that there is access from 183.60.48.25 and 113.108.21.16...
**Configuring filters on the RTX
A filter that rejects (denies) the addresses the unauthorized access came from...
pp1# ip filter 2510 reject-log 183.60.48.25 * * * *
pp1# ip filter 2511 reject-log 113.108.21.16 * * * *
pp1#
To confirm that the packets really are rejected, I set it to keep a log...
Then apply the filters.
pp1# pp select 1
pp1# ip pp secure filter in 2510 2511 2000 2001 2098 200...
pp1#
Now watch how it goes for a while.
**Confirming Rejected entries after a few days
As the heading says, I confirmed the rejects. With this...
> show log reverse|grep 1723
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter:...
2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter:...
2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter:...
2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter:...
2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter:...
2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter:...
2015/10/20 07:43:58: PP[01] Rejected at IN(2511) filter:...
2015/10/20 07:43:58: PP[01] Rejected at IN(2511) filter:...
>
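Looking at this, they appear to be simply connecting with sequential values at the end of the IP address...
**Checking past connections to port 1723 on the RTX in the syslog...
The RTX1100 logs are forwarded to a syslog server, so those logs...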
ujp:log vpnserver$ grep ":1723" rtx.log|head
May 14 14:01:18 203.141.135.17 PP[01] Passed at IN(2009)...
May 14 14:01:19 203.141.135.17 PP[01] Passed at IN(2009)...
May 15 05:10:21 203.141.135.17 PP[01] Passed at IN(2009)...
May 15 16:42:05 203.141.135.17 PP[01] Passed at IN(2009)...
May 16 14:01:23 203.141.135.17 PP[01] Passed at IN(2009)...
May 16 14:01:23 203.141.135.17 PP[01] Passed at IN(2009)...
May 16 17:32:57 203.141.135.17 PP[01] Passed at IN(2009)...
May 17 21:32:36 203.141.135.17 PP[01] Passed at IN(2009)...
May 17 21:32:37 203.141.135.17 PP[01] Passed at IN(2009)...
May 17 21:32:38 203.141.135.17 PP[01] Passed at IN(2009)...
ujp:log vpnserver$
To extract the source IP addresses, run a command like the following...
ujp:log vpnserver$ grep ":1723" rtx.log|awk '{print $11}...
ujp:log vpnserver$
This shows that, besides 183.60.48.25 and 113.108.21.16, there are many...
**Aggregating the log further to narrow down what to drop
Aggregate by IP address down to the second octet.
ujp:log vpnserver$ grep ":1723" rtx.log|awk '{print $11}...
855 183.60.*.*
290 61.240.*.*
258 113.108.*.*
223 91.214.*.*
209 180.153.*.*
199 182.118.*.*
186 37.46.*.*
165 42.156.*.*
130 218.77.*.*
121 61.160.*.*
101 71.6.*.*
90 42.120.*.*
82 66.240.*.*
58 198.20.*.*
33 92.247.*.*
28 160.249.*.*
27 85.25.*.*
27 14.17.*.*
18 14.104.*.*
15 59.174.*.*
15 58.20.*.*
15 211.97.*.*
14 223.152.*.*
13 91.192.*.*
13 123.117.*.*
12 58.19.*.*
12 27.10.*.*
12 171.37.*.*
12 112.66.*.*
12 112.111.*.*
10 150.255.*.*
10 119.4.*.*
10 112.80.*.*
10 112.216.*.*
9 60.216.*.*
9 60.16.*.*
9 27.211.*.*
9 175.17.*.*
9 124.90.*.*
ujp:log vpnserver$
Now list the top 10.
ujp:log vpnserver$ grep ":1723" rtx.log|awk '{print $11}...
855 183.60.*.*
290 61.240.*.*
258 113.108.*.*
223 91.214.*.*
209 180.153.*.*
199 182.118.*.*
186 37.46.*.*
165 42.156.*.*
130 218.77.*.*
121 61.160.*.*
ujp:log vpnserver$
For the top 10 IP addresses making this unauthorized access...
MBA2011:~ ujp$ whois 183.60.0.0|grep country
country: CN
country: CN
MBA2011:~ ujp$ whois 61.240.0.0|grep country
country: CN
country: CN
MBA2011:~ ujp$ whois 113.108.0.0|grep country
country: CN
country: CN
country: CN
MBA2011:~ ujp$ whois 91.214.0.0|grep country
country: PL
MBA2011:~ ujp$ whois 180.153.0.0|grep country
country: CN
country: CN
MBA2011:~ ujp$ whois 182.118.0.0|grep country
country: CN
country: CN
country: CN
country: CN
MBA2011:~ ujp$ whois 37.46.0.0|grep country
country: GB
MBA2011:~ ujp$ whois 42.156.0.0|grep country
country: CN
country: CN
country: CN
MBA2011:~ ujp$ whois 218.77.0.0|grep country
country: CN
country: CN
country: CN
MBA2011:~ ujp$ whois 61.160.0.0|grep country
country: CN
country: CN
country: CN
country: CN
MBA2011:~ ujp$
CN is China, while GB is Great Britain, that is, the United Kingdom....
**Deciding which IP addresses to block
Blocking more IP addresses improves accuracy, but the Firewal...
ujp:log vpnserver $ grep ":1723" rtx.log|awk '{print $11...
855 183.60.48.25
258 113.108.21.16
223 91.214.71.176
209 180.153.113.141
164 37.46.105.40
130 218.77.79.38
121 61.160.224.129
91 61.240.144.66
78 61.240.144.65
67 61.240.144.64
ujp:log vpnserver $
Here 61.240.*.* appears on about three lines, so group these together...
**Setting the filters on the RTX1100
Block the top 10 IP addresses found so far.
# ip filter 2512 reject 91.214.71.176 * * * *
# ip filter 2513 reject 180.153.113.141 * * * *
# ip filter 2514 reject 37.46.105.40 * * * *
# ip filter 2515 reject 218.77.79.38 * * * *
# ip filter 2516 reject 61.160.224.129 * * * *
# ip filter 2517 reject 61.240.*.* * * * *
# ip filter 2518 reject 182.118.*.* * * * *
# pp select 1
pp1# ip pp secure filter in 2510 2511 2512 2513 2514 251...
pp1# save
Saving ... CONFIG1 Done .
pp1#
Again, watch how it goes for a while.
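The aggregation and filter-selection steps above, as an added example in shell (not the page author's commands, which are truncated on this page). It assumes the syslog layout implied by the page's `awk '{print $11}'` (field 11 is `src_ip:port`, field 13 is `dst_ip:port`); the sample lines, function names and thresholds are constructed for illustration.

```shell
#!/bin/sh
# Added example: condense RTX filter-log lines from a syslog file into
# candidate "ip filter" reject lines.

# Constructed sample lines (documentation/test address ranges, not the page's log).
# Assumed layout: $9 = "filter:", $11 = "src_ip:port", $13 = "dst_ip:port".
sample_log() {
cat <<'EOF'
May 14 14:01:18 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 198.51.100.25:40001 > 192.0.2.10:1723
May 14 14:01:19 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 198.51.100.25:40002 > 192.0.2.10:1723
May 14 14:01:20 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 198.51.100.25:40003 > 192.0.2.10:1723
May 15 05:10:21 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 203.0.113.64:51000 > 192.0.2.10:1723
May 15 05:10:22 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 203.0.113.65:51001 > 192.0.2.10:1723
May 15 05:10:23 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 203.0.113.66:51002 > 192.0.2.10:1723
May 15 05:10:24 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 203.0.113.66:51003 > 192.0.2.10:1723
May 16 09:00:00 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 198.18.0.7:1723 > 192.0.2.10:443
May 16 09:00:01 192.0.2.1 PP[01] Passed at IN(2009) filter: TCP 198.18.5.9:33000 > 192.0.2.10:1723
EOF
}

# Print the source IP of every logged packet whose destination port is 1723.
# Unlike a plain grep ":1723", this skips lines where only the source port
# happens to be 1723 (the 198.18.0.7 line above).
pptp_sources() {
  awk '$9 == "filter:" && $13 ~ /:1723$/ { sub(/:[0-9]+$/, "", $11); print $11 }'
}

# "count address" per source host, busiest first; ties ordered by address.
count_hosts() {
  pptp_sources | LC_ALL=C sort | uniq -c | awk '{ print $1, $2 }' |
    LC_ALL=C sort -t ' ' -k1,1nr -k2,2
}

# "count a.b.*.*" per group of the first two octets, in the wildcard
# notation the page's filters use.
count_prefixes() {
  pptp_sources | awk -F. '{ print $1 "." $2 ".*.*" }' | LC_ALL=C sort | uniq -c |
    awk '{ print $1, $2 }' | LC_ALL=C sort -t ' ' -k1,1nr -k2,2
}

# Emit filter lines in the form shown on the page.
#   $1 = first filter number
#   $2 = minimum number of hits before anything is blocked
#   $3 = minimum distinct hosts in a group before it is collapsed to a.b.*.*
# The thresholds are this example's own heuristic, not a rule from the page.
make_filters() {
  count_hosts | awk -v n="$1" -v min="$2" -v hosts="$3" '
    { split($2, o, "."); p = o[1] "." o[2] ".*.*"
      hits[p] += $1; seen[p]++
      host[NR] = $2; cnt[NR] = $1; pfx[NR] = p }
    END {
      for (i = 1; i <= NR; i++) {
        p = pfx[i]
        if (seen[p] >= hosts && hits[p] >= min) {
          # Many hosts from one group: one wildcard filter covers them all.
          if (!(p in done)) {
            printf "ip filter %d reject-log %s * * * *\n", n++, p
            done[p] = 1
          }
        } else if (cnt[i] >= min) {
          # Isolated noisy host: block just that address.
          printf "ip filter %d reject-log %s * * * *\n", n++, host[i]
        }
      }
    }'
}

# Demo on the constructed sample; replace sample_log with "cat rtx.log".
sample_log | make_filters 2512 2 3
```

A wildcard filter such as `a.b.*.*` covers 65,536 addresses, so review each collapsed group before loading it, and keep `reject-log` so the hits stay visible in the log.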