ヤマハのRTX1100で中国からの不正なVPNをブロックする のバックアップの現在との差分(No.1)
技術情報2YAMAHA
/ RTX / vpndrop のバックアップの現在との差分(No.1)
- 差分 を表示
- ソース を表示
- YAMAHA/RTX/vpndrop へ行く。
1: 2015-10-17 (土) 20:00:18 nobuaki  |
現: 2017-12-03 (日) 02:04:42 nobuaki |
||
|---|---|---|---|
| Line 64: | Line 64: | ||
| pp1# pp select 1 | pp1# pp select 1 | ||
| - | pp1# ip pp secure filter out 2500 2501 2502 2503 2504 2505 2999 dynamic 2600 2601 2602 2603 2604 2700 2701 2510 2511 | + | pp1# ip pp secure filter in 2510 2511 2000 2001 2098 2002 2003 2004 2005 2006 2007 2008 2009 2010 2099 dynamic 2100 2101 2102 2103 2104 2105 2106 |
| pp1# | pp1# | ||
| これでしらばく様子を見る. | これでしらばく様子を見る. | ||
| + | |||
| + | **数日経過してRejectedを確認 [#fc9700ee] | ||
| + | |||
| + | タイトルの徹ですが,リジェクトを確認しました.これでフィルタが動作していることが確認できました. | ||
| + | |||
| + | > show log reverse|grep 1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 203.141.135.21:1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 203.141.135.23:1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 203.141.135.19:1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 203.141.135.16:1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 203.141.135.20:1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 203.141.135.18:1723 | ||
| + | 2015/10/21 09:53:38: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22203 > 192.168.0.1:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.23:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.21:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.19:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.18:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.20:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.22:1723 | ||
| + | 2015/10/21 04:39:35: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 192.168.0.1:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 203.141.135.21:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 203.141.135.23:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 203.141.135.19:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 203.141.135.16:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 203.141.135.18:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 203.141.135.20:1723 | ||
| + | 2015/10/20 23:25:44: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22200 > 192.168.0.1:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.20:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.16:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.18:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 192.168.0.1:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.21:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.19:1723 | ||
| + | 2015/10/20 18:11:54: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.23:1723 | ||
| + | 2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.21:1723 | ||
| + | 2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.19:1723 | ||
| + | 2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.20:1723 | ||
| + | 2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 192.168.0.1:1723 | ||
| + | 2015/10/20 12:57:56: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22207 > 203.141.135.16:1723 | ||
| + | 2015/10/20 07:43:58: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 203.141.135.19:1723 | ||
| + | 2015/10/20 07:43:58: PP[01] Rejected at IN(2511) filter: TCP 113.108.21.16:22202 > 192.168.0.1:1723 | ||
| + | > | ||
| + | |||
| + | これを見ていると,普通にIPアドレスの末尾を連番で接続してきているのがわかります. | ||
| + | |||
| + | **RTXへの1723ポートへの接続を過去ログをsyslogから調べてみる [#c9c4958a] | ||
| + | |||
| + | RTX1100のログはsyslogサーバへ転送しているので,そのログからPPTPによるVPN(1723)へ接続してきているIPアドレスを調べる. | ||
| + | |||
| + | ujp:log vpnserver$ grep ":1723" rtx.log|head | ||
| + | May 14 14:01:18 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 180.153.113.141:22207 > 192.168.0.1:1723 | ||
| + | May 14 14:01:19 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 183.60.48.25:27519 > 192.168.0.1:1723 | ||
| + | May 15 05:10:21 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 112.216.163.130:6000 > 192.168.0.1:1723 | ||
| + | May 15 16:42:05 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 218.17.160.22:42861 > 192.168.0.1:1723 | ||
| + | May 16 14:01:23 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 180.153.113.141:22208 > 192.168.0.1:1723 | ||
| + | May 16 14:01:23 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 183.60.48.25:44856 > 192.168.0.1:1723 | ||
| + | May 16 17:32:57 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 112.216.163.130:6000 > 192.168.0.1:1723 | ||
| + | May 17 21:32:36 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 114.112.90.54:35337 > 192.168.0.1:1723 | ||
| + | May 17 21:32:37 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 114.112.90.54:35337 > 192.168.0.1:1723 | ||
| + | May 17 21:32:38 203.141.135.17 PP[01] Passed at IN(2009) filte]: TCP 114.112.90.54:35337 > 192.168.0.1:1723 | ||
| + | ujp:log vpnserver$ | ||
| + | |||
| + | source IPアドレスを取り出すために,次のようにコマンドを設定. | ||
| + | |||
| + | ujp:log vpnserver$ grep ":1723" rtx.log|awk '{print $11}'|sed 's/:/ /g'|awk '{print $1}'|sort|uniq -c|sort -r | ||
| + | 855 183.60.48.25 | ||
| + | 258 113.108.21.16 | ||
| + | 223 91.214.71.176 | ||
| + | 209 180.153.113.141 | ||
| + | 164 37.46.105.40 | ||
| + | 130 218.77.79.38 | ||
| + | 121 61.160.224.129 | ||
| + | 91 61.240.144.66 | ||
| + | 78 61.240.144.65 | ||
| + | 67 61.240.144.64 | ||
| + | 54 61.240.144.67 | ||
| + | 50 66.240.192.138 | ||
| + | 38 42.120.142.221 | ||
| + | 36 71.6.167.142 | ||
| + | 36 71.6.135.131 | ||
| + | 33 198.20.69.98 | ||
| + | 32 92.247.120.50 | ||
| + | 32 66.240.236.119 | ||
| + | 29 71.6.165.200 | ||
| + | 27 85.25.103.50 | ||
| + | 27 14.17.35.181 | ||
| + | 25 198.20.70.114 | ||
| + | 24 42.156.250.110 | ||
| + | 22 42.156.250.112 | ||
| + | 22 42.156.250.111 | ||
| + | 22 37.46.105.77 | ||
| + | 21 42.120.142.220 | ||
| + | 20 42.156.250.115 | ||
| + | 19 42.120.142.223 | ||
| + | 18 42.156.250.116 | ||
| + | 18 42.156.250.113 | ||
| + | 17 42.156.250.119 | ||
| + | 15 160.249.228.226 | ||
| + | 13 91.192.92.18 | ||
| + | 13 160.249.248.137 | ||
| + | 12 42.120.142.222 | ||
| + | 10 42.156.250.117 | ||
| + | 9 112.216.163.130 | ||
| + | 8 93.120.27.62 | ||
| + | 7 42.156.250.118 | ||
| + | 7 42.156.250.114 | ||
| + | 7 223.152.40.93 | ||
| + | 7 223.152.208.143 | ||
| + | 7 222.242.143.53 | ||
| + | 6 93.174.93.68 | ||
| + | 6 182.118.54.62 | ||
| + | 6 182.118.53.149 | ||
| + | 6 182.118.53.110 | ||
| + | 6 114.112.90.54 | ||
| + | 5 89.46.100.172 | ||
| + | 5 82.221.105.6 | ||
| + | 5 182.118.55.225 | ||
| + | 5 182.118.54.88 | ||
| + | 5 182.118.53.83 | ||
| + | 5 182.118.53.120 | ||
| + | 5 1.72.132.218 | ||
| + | 4 222.107.91.130 | ||
| + | 4 182.118.60.75 | ||
| + | 4 182.118.60.57 | ||
| + | 4 182.118.60.54 | ||
| + | 4 182.118.55.144 | ||
| + | 4 182.118.53.74 | ||
| + | 4 182.118.45.250 | ||
| + | 4 182.118.45.237 | ||
| + | 4 150.255.118.88 | ||
| + | 4 123.117.167.147 | ||
| + | 4 122.226.102.84 | ||
| + | 4 119.4.26.184 | ||
| + | 4 112.80.138.35 | ||
| + | 3 85.10.210.199 | ||
| + | 3 61.55.208.115 | ||
| + | 3 61.52.59.196 | ||
| + | 3 61.52.50.145 | ||
| + | 3 60.216.142.113 | ||
| + | 3 60.216.140.18 | ||
| + | 3 60.216.137.180 | ||
| + | 3 60.208.164.245 | ||
| + | 3 60.166.225.127 | ||
| + | 3 60.16.15.219 | ||
| + | 3 60.16.13.42 | ||
| + | 3 60.16.1.75 | ||
| + | 3 59.174.194.25 | ||
| + | 3 59.174.194.181 | ||
| + | 3 59.174.188.75 | ||
| + | 3 59.174.188.19 | ||
| + | 3 59.174.188.124 | ||
| + | 3 58.243.229.40 | ||
| + | 3 58.20.99.77 | ||
| + | 3 58.20.99.232 | ||
| + | 3 58.20.98.73 | ||
| + | 3 58.20.98.202 | ||
| + | 3 58.20.98.152 | ||
| + | 3 58.19.1.199 | ||
| + | 3 58.19.1.134 | ||
| + | 3 58.19.0.80 | ||
| + | 3 58.19.0.44 | ||
| + | 3 49.74.81.136 | ||
| + | 3 45.79.164.57 | ||
| + | 3 42.92.129.95 | ||
| + | 3 42.92.129.198 | ||
| + | 3 36.44.99.141 | ||
| + | 3 27.211.57.128 | ||
| + | 3 27.211.179.63 | ||
| + | 3 27.211.176.25 | ||
| + | 3 27.10.76.243 | ||
| + | 3 27.10.76.200 | ||
| + | 3 27.10.73.165 | ||
| + | 3 27.10.209.156 | ||
| + | 3 222.94.97.34 | ||
| + | 3 222.75.44.211 | ||
| + | 3 222.75.38.105 | ||
| + | 3 221.0.17.141 | ||
| + | 3 220.200.25.254 | ||
| + | 3 220.173.16.31 | ||
| + | 3 220.169.18.75 | ||
| + | 3 219.157.194.34 | ||
| + | 3 219.157.193.54 | ||
| + | 3 218.8.85.223 | ||
| + | 3 218.58.34.35 | ||
| + | 3 218.58.33.202 | ||
| + | 3 217.12.204.104 | ||
| + | 3 211.97.123.99 | ||
| + | 3 211.97.123.86 | ||
| + | 3 211.97.123.69 | ||
| + | 3 211.97.123.18 | ||
| + | 3 211.97.122.243 | ||
| + | 3 211.138.245.224 | ||
| + | 3 210.76.215.72 | ||
| + | 3 210.76.194.2 | ||
| + | 3 210.72.64.191 | ||
| + | 3 188.138.9.50 | ||
| + | 3 182.242.59.250 | ||
| + | 3 182.118.60.83 | ||
| + | 3 182.118.60.50 | ||
| + | 3 182.118.55.159 | ||
| + | 3 182.118.54.17 | ||
| + | 3 182.118.45.229 | ||
| + | 3 182.108.48.179 | ||
| + | 3 180.109.226.40 | ||
| + | 3 175.184.165.199 | ||
| + | 3 175.184.160.99 | ||
| + | 3 175.17.210.36 | ||
| + | 3 175.17.207.106 | ||
| + | 3 175.17.194.10 | ||
| + | 3 175.12.104.148 | ||
| + | 3 171.37.255.123 | ||
| + | 3 171.37.252.38 | ||
| + | 3 171.37.110.151 | ||
| + | 3 171.37.108.106 | ||
| + | 3 171.36.55.244 | ||
| + | 3 171.36.53.76 | ||
| + | 3 153.0.60.237 | ||
| + | 3 150.255.22.238 | ||
| + | 3 150.255.17.145 | ||
| + | 3 14.104.191.70 | ||
| + | 3 14.104.190.165 | ||
| + | 3 14.104.189.27 | ||
| + | 3 14.104.189.199 | ||
| + | 3 14.104.187.67 | ||
| + | 3 14.104.184.119 | ||
| + | 3 139.212.96.214 | ||
| + | 3 139.212.92.22 | ||
| + | 3 125.76.92.26 | ||
| + | 3 125.211.38.65 | ||
| + | 3 125.211.38.221 | ||
| + | 3 125.119.8.168 | ||
| + | 3 124.90.53.224 | ||
| + | 3 124.90.49.190 | ||
| + | 3 124.90.48.126 | ||
| + | 3 123.6.170.24 | ||
| + | 3 123.6.161.177 | ||
| + | 3 123.158.61.163 | ||
| + | 3 123.139.23.68 | ||
| + | 3 123.139.23.107 | ||
| + | 3 123.139.21.15 | ||
| + | 3 123.117.166.72 | ||
| + | 3 123.117.165.68 | ||
| + | 3 123.117.163.229 | ||
| + | 3 122.96.17.218 | ||
| + | 3 122.96.16.11 | ||
| + | 3 122.96.130.207 | ||
| + | 3 121.237.195.14 | ||
| + | 3 121.237.192.58 | ||
| + | 3 120.85.201.95 | ||
| + | 3 120.32.70.44 | ||
| + | 3 119.4.27.52 | ||
| + | 3 119.4.24.45 | ||
| + | 3 119.119.178.63 | ||
| + | 3 119.108.158.16 | ||
| + | 3 119.108.145.2 | ||
| + | 3 118.81.6.145 | ||
| + | 3 118.81.226.11 | ||
| + | 3 118.250.141.99 | ||
| + | 3 118.250.141.53 | ||
| + | 3 116.114.73.249 | ||
| + | 3 116.113.70.185 | ||
| + | 3 115.200.236.87 | ||
| + | 3 115.198.203.55 | ||
| + | 3 114.97.87.250 | ||
| + | 3 114.97.65.176 | ||
| + | 3 114.96.165.62 | ||
| + | 3 114.96.162.27 | ||
| + | 3 114.221.19.131 | ||
| + | 3 113.248.147.9 | ||
| + | 3 113.135.99.137 | ||
| + | 3 113.135.98.60 | ||
| + | 3 112.80.211.55 | ||
| + | 3 112.80.137.117 | ||
| + | 3 112.67.214.129 | ||
| + | 3 112.67.193.160 | ||
| + | 3 112.66.85.203 | ||
| + | 3 112.66.51.203 | ||
| + | 3 112.66.28.22 | ||
| + | 3 112.66.24.177 | ||
| + | 3 112.193.88.15 | ||
| + | 3 112.123.29.203 | ||
| + | 3 112.117.16.17 | ||
| + | 3 112.111.3.153 | ||
| + | 3 112.111.1.249 | ||
| + | 3 112.111.0.96 | ||
| + | 3 112.111.0.76 | ||
| + | 3 111.85.216.86 | ||
| + | 3 111.85.216.59 | ||
| + | 3 111.85.179.140 | ||
| + | 3 111.162.153.231 | ||
| + | 3 111.162.152.189 | ||
| + | 3 111.162.142.161 | ||
| + | 3 111.113.165.247 | ||
| + | 3 110.84.209.25 | ||
| + | 3 110.84.208.130 | ||
| + | 3 110.84.203.102 | ||
| + | 3 110.241.68.152 | ||
| + | 3 110.240.175.225 | ||
| + | 3 106.45.173.86 | ||
| + | 3 101.68.4.31 | ||
| + | 3 101.68.127.206 | ||
| + | 3 101.68.126.59 | ||
| + | 3 101.24.55.183 | ||
| + | 3 1.31.59.58 | ||
| + | 3 1.31.57.240 | ||
| + | 2 91.224.160.18 | ||
| + | 2 66.154.119.132 | ||
| + | 2 64.34.253.40 | ||
| + | 2 60.248.138.219 | ||
| + | 2 59.15.16.105 | ||
| + | 2 222.98.225.248 | ||
| + | 2 218.17.160.22 | ||
| + | 2 211.241.133.40 | ||
| + | 2 210.205.0.249 | ||
| + | 2 209.183.219.246 | ||
| + | 2 188.138.1.218 | ||
| + | 2 182.118.60.87 | ||
| + | 2 182.118.60.63 | ||
| + | 2 182.118.60.56 | ||
| + | 2 182.118.60.48 | ||
| + | 2 182.118.60.37 | ||
| + | 2 182.118.60.19 | ||
| + | 2 182.118.60.15 | ||
| + | 2 182.118.60.14 | ||
| + | 2 182.118.60.115 | ||
| + | 2 182.118.55.240 | ||
| + | 2 182.118.55.212 | ||
| + | 2 182.118.55.210 | ||
| + | 2 182.118.55.202 | ||
| + | 2 182.118.55.200 | ||
| + | 2 182.118.55.196 | ||
| + | 2 182.118.55.185 | ||
| + | 2 182.118.55.179 | ||
| + | 2 182.118.55.175 | ||
| + | 2 182.118.55.165 | ||
| + | 2 182.118.55.161 | ||
| + | 2 182.118.55.153 | ||
| + | 2 182.118.55.147 | ||
| + | 2 182.118.55.135 | ||
| + | 2 182.118.55.114 | ||
| + | 2 182.118.55.113 | ||
| + | 2 182.118.54.86 | ||
| + | 2 182.118.54.56 | ||
| + | 2 182.118.54.54 | ||
| + | 2 182.118.54.21 | ||
| + | 2 182.118.54.19 | ||
| + | 2 182.118.54.12 | ||
| + | 2 182.118.54.115 | ||
| + | 2 182.118.54.114 | ||
| + | 2 182.118.54.109 | ||
| + | 2 182.118.54.102 | ||
| + | 2 182.118.53.99 | ||
| + | 2 182.118.53.86 | ||
| + | 2 182.118.53.81 | ||
| + | 2 182.118.53.70 | ||
| + | 2 182.118.53.52 | ||
| + | 2 182.118.53.37 | ||
| + | 2 182.118.53.252 | ||
| + | 2 182.118.53.235 | ||
| + | 2 182.118.53.225 | ||
| + | 2 182.118.53.218 | ||
| + | 2 182.118.53.213 | ||
| + | 2 182.118.53.207 | ||
| + | 2 182.118.53.201 | ||
| + | 2 182.118.53.200 | ||
| + | 2 182.118.53.194 | ||
| + | 2 182.118.53.168 | ||
| + | 2 182.118.53.150 | ||
| + | 2 182.118.53.143 | ||
| + | 2 182.118.53.138 | ||
| + | 2 182.118.53.132 | ||
| + | 2 182.118.53.106 | ||
| + | 2 182.118.53.101 | ||
| + | 2 182.118.45.245 | ||
| + | 2 182.118.45.217 | ||
| + | 2 171.13.14.51 | ||
| + | 2 171.13.14.3 | ||
| + | 2 171.13.14.29 | ||
| + | 2 159.226.134.253 | ||
| + | 2 113.17.173.12 | ||
| + | 2 112.123.27.200 | ||
| + | 2 107.178.109.9 | ||
| + | 2 101.226.179.84 | ||
| + | 1 95.211.191.156 | ||
| + | 1 94.102.49.207 | ||
| + | 1 93.174.95.83 | ||
| + | 1 93.174.93.235 | ||
| + | 1 92.247.120.60 | ||
| + | 1 89.40.71.152 | ||
| + | 1 89.248.174.100 | ||
| + | 1 89.248.169.35 | ||
| + | 1 80.82.78.27 | ||
| + | 1 80.82.65.59 | ||
| + | 1 80.82.65.205 | ||
| + | 1 80.82.64.68 | ||
| + | 1 69.164.203.180 | ||
| + | 1 66.154.119.29 | ||
| + | 1 66.154.119.12 | ||
| + | 1 66.154.119.11 | ||
| + | 1 66.154.119.108 | ||
| + | 1 64.34.251.53 | ||
| + | 1 64.215.242.5 | ||
| + | 1 60.21.167.126 | ||
| + | 1 23.94.17.2 | ||
| + | 1 217.71.50.2 | ||
| + | 1 211.195.214.9 | ||
| + | 1 211.186.255.122 | ||
| + | 1 203.195.168.197 | ||
| + | 1 202.74.40.117 | ||
| + | 1 198.52.103.155 | ||
| + | 1 198.12.86.74 | ||
| + | 1 198.12.86.234 | ||
| + | 1 195.211.154.157 | ||
| + | 1 195.211.154.133 | ||
| + | 1 192.74.249.136 | ||
| + | 1 178.208.77.51 | ||
| + | 1 125.220.140.248 | ||
| + | 1 124.95.181.13 | ||
| + | 1 123.140.204.6 | ||
| + | 1 122.116.6.168 | ||
| + | 1 121.225.246.214 | ||
| + | 1 114.34.252.247 | ||
| + | 1 112.216.55.162 | ||
| + | 1 111.192.165.77 | ||
| + | 1 107.151.195.229 | ||
| + | ujp:log vpnserver$ | ||
| + | |||
| + | これでみると,183.60.48.25と113.108.21.16以外にも,沢山接続されていることがわかるので,これらをRejectしていく.これでみるとトップ4は全部中国だ. | ||
| + | |||
| + | **さらにログを集計してdrop対象を絞り込む [#yfa08d5f] | ||
| + | |||
| + | IPアドレスの第2クォートで集計してみる. | ||
| + | |||
| + | ujp:log vpnserver$ grep ":1723" rtx.log|awk '{print $11}'|sed 's/:/ /g'|awk '{print $1}'|sed 's/\./ /g'|awk '{print $1"." $2".*.*"}'|sort|uniq -c|sort -r|more | ||
| + | 855 183.60.*.* | ||
| + | 290 61.240.*.* | ||
| + | 258 113.108.*.* | ||
| + | 223 91.214.*.* | ||
| + | 209 180.153.*.* | ||
| + | 199 182.118.*.* | ||
| + | 186 37.46.*.* | ||
| + | 165 42.156.*.* | ||
| + | 130 218.77.*.* | ||
| + | 121 61.160.*.* | ||
| + | 101 71.6.*.* | ||
| + | 90 42.120.*.* | ||
| + | 82 66.240.*.* | ||
| + | 58 198.20.*.* | ||
| + | 33 92.247.*.* | ||
| + | 28 160.249.*.* | ||
| + | 27 85.25.*.* | ||
| + | 27 14.17.*.* | ||
| + | 18 14.104.*.* | ||
| + | 15 59.174.*.* | ||
| + | 15 58.20.*.* | ||
| + | 15 211.97.*.* | ||
| + | 14 223.152.*.* | ||
| + | 13 91.192.*.* | ||
| + | 13 123.117.*.* | ||
| + | 12 58.19.*.* | ||
| + | 12 27.10.*.* | ||
| + | 12 171.37.*.* | ||
| + | 12 112.66.*.* | ||
| + | 12 112.111.*.* | ||
| + | 10 150.255.*.* | ||
| + | 10 119.4.*.* | ||
| + | 10 112.80.*.* | ||
| + | 10 112.216.*.* | ||
| + | 9 60.216.*.* | ||
| + | 9 60.16.*.* | ||
| + | 9 27.211.*.* | ||
| + | 9 175.17.*.* | ||
| + | 9 124.90.*.* | ||
| + | ujp:log vpnserver$ | ||
| + | |||
| + | これでトップ10を出してみる. | ||
| + | |||
| + | ujp:log vpnserver$ grep ":1723" rtx.log|awk '{print $11}'|sed 's/:/ /g'|awk '{print $1}'|sed 's/\./ /g'|awk '{print $1"." $2".*.*"}'|sort|uniq -c|sort -r|head -n 10 | ||
| + | 855 183.60.*.* | ||
| + | 290 61.240.*.* | ||
| + | 258 113.108.*.* | ||
| + | 223 91.214.*.* | ||
| + | 209 180.153.*.* | ||
| + | 199 182.118.*.* | ||
| + | 186 37.46.*.* | ||
| + | 165 42.156.*.* | ||
| + | 130 218.77.*.* | ||
| + | 121 61.160.*.* | ||
| + | ujp:log vpnserver$ | ||
| + | |||
| + | この不正アクセスしてきているIPアドレスのトップ10について,whoisコマンドでどの国の所属か確認してみる. | ||
| + | |||
| + | MBA2011:~ ujp$ whois 183.60.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 61.240.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 113.108.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 91.214.0.0|grep country | ||
| + | country: PL | ||
| + | MBA2011:~ ujp$ whois 180.153.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 182.118.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 37.46.0.0|grep country | ||
| + | country: GB | ||
| + | MBA2011:~ ujp$ whois 42.156.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 218.77.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ whois 61.160.0.0|grep country | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | country: CN | ||
| + | MBA2011:~ ujp$ | ||
| + | |||
| + | CNは中国ですが,GBはグレートブリテン,つまりイギリス.そしてPLはポーランド. | ||
| + | |||
| + | **ブロックするIPアドレスを決定する [#q1fdca8d] | ||
| + | |||
| + | ブロックするIPアドレスを多くすれば制度はあがるがFirewallのCPU負荷が高くなるので,ルール設定を最小にしてみることを考える.まずはIPアドレスだけで個数を確認する.トップ10だけとしている. | ||
| + | |||
| + | ujp:log vpnserver $ grep ":1723" rtx.log|awk '{print $11}'|sed 's/:/ /g'|awk '{print $1}'|sort|uniq -c|sort -r|head -n 10 | ||
| + | 855 183.60.48.25 | ||
| + | 258 113.108.21.16 | ||
| + | 223 91.214.71.176 | ||
| + | 209 180.153.113.141 | ||
| + | 164 37.46.105.40 | ||
| + | 130 218.77.79.38 | ||
| + | 121 61.160.224.129 | ||
| + | 91 61.240.144.66 | ||
| + | 78 61.240.144.65 | ||
| + | 67 61.240.144.64 | ||
| + | ujp:log vpnserver $ | ||
| + | |||
| + | ここでは61.240.*.*が3行ほどでているので,これはまとめることとする. | ||
| + | |||
| + | **RTX1100でフィルタを設定する [#mfd3af79] | ||
| + | |||
| + | これまで調べたIPアドレスのトップ10をブロックしてみる. | ||
| + | |||
| + | # ip filter 2512 reject 91.214.71.176 * * * * | ||
| + | # ip filter 2513 reject 180.153.113.141 * * * * | ||
| + | # ip filter 2514 reject 37.46.105.40 * * * * | ||
| + | # ip filter 2515 reject 218.77.79.38 * * * * | ||
| + | # ip filter 2516 reject 61.160.224.129 * * * * | ||
| + | # ip filter 2517 reject 61.240.*.* * * * * | ||
| + | # ip filter 2518 reject 182.118.*.* * * * * | ||
| + | # pp select 1 | ||
| + | pp1# ip pp secure filter in 2510 2511 2512 2513 2514 2516 2517 2518 2000 2001 2098 2002 2003 2004 2005 2006 2007 2008 2009 2010 2099 dynamic 2100 2101 2102 2103 2104 2105 2106 | ||
| + | pp1# save | ||
| + | Saving ... CONFIG1 Done . | ||
| + | pp1# | ||
| + | |||
| + | またこれでしばらく様子を見てみる. | ||
- YAMAHA/RTX/vpndrop のバックアップ一覧
- YAMAHA/RTX/vpndrop のバックアップの現在との差分(No. All)
- 1: 2015-10-17 (土) 20:00:18 nobuaki
- 2: 2015-10-19 (月) 20:37:20 nobuaki
- 3: 2015-10-21 (水) 10:59:07 nobuaki
- 4: 2017-12-03 (日) 01:56:10 nobuaki
Counter: 4596,
today: 2,
yesterday: 2
