我的G450笔记本电脑宅在家里24小时开机,开启了ssh服务,标准的22端口。结果1个月来,lastb命令输出了5万多条登录失败的记录。怪不得网络有时候会卡:(。
经过整理,现将这些攻击者的IP列举如下:
1.232.34.242
106.240.236.226
111.4.118.86
111.4.122.136
112.216.149.99
112.216.76.110
112.91.147.118
113.140.41.234
113.98.244.34
114.130.138.3
115.236.18.34
115.248.216.116
116.204.96.233
117.141.96.7
117.25.130.75
117.79.148.54
118.192.42.26
118.26.96.2
119.10.114.52
119.80.39.55
119.80.39.56
121.196.16.5
121.78.115.192
122.154.162.3
122.193.249.212
122.226.181.8
123.103.12.35
123.196.113.11
125.64.93.164
139.210.100.66
140.113.160.150
173.231.115.58
175.126.180.104
175.99.95.250
182.18.31.165
183.203.16.231
183.232.32.24
183.60.202.209
188.190.98.6
192.187.96.94
198.46.59.4
198.52.100.19
199.193.115.15
199.195.212.145
201.114.28.164
202.103.34.210
202.137.9.177
202.162.221.220
202.165.179.171
203.197.43.145
203.199.194.66
208.115.208.172
209.124.106.61
209.190.12.34
210.21.90.38
210.51.10.158
210.73.208.242
211.147.213.104
211.147.80.2
218.104.48.105
218.106.254.184
218.25.217.35
218.64.114.103
218.7.13.214
218.74.19.178
219.140.77.60
219.146.209.2
219.150.177.234
219.235.126.174
219.239.26.4
220.161.148.178
220.182.3.163
221.12.29.170
221.130.14.88
221.242.204.12
222.187.126.134
42.121.121.163
42.121.122.11
46.22.211.170
54.248.116.144
58.246.160.239
59.45.74.130
59.53.94.9
59.66.31.144
60.191.232.54
60.31.140.84
61.142.106.34
61.146.164.35
61.147.103.117
61.147.103.134
61.147.103.136
61.147.103.142
61.147.103.161
61.147.103.179
61.147.103.186
61.147.103.69
61.147.116.108
61.147.116.56
61.147.116.99
61.147.79.83
61.155.153.145
61.157.126.67
61.185.242.103
61.55.135.183
62.233.102.183
62.244.241.107
67.222.158.83
69.194.139.137
76.104.218.44
80.243.185.247
82.221.102.177
87.106.7.45
91.228.153.5
95.170.192.110
95.80.240.214
96.44.137.85
----我是分割线^_^----
后来给sshd的监听端口换成了我手机号开头5位,一星期以来基本上没有遇到过暴力攻击了。
因此,可行的解决办法是给sshd服务换一个“随意点”的端口号。
----more----
SSH Brute Force – The 10 Year Old Attack That Still Persists [ http://blog.sucuri.net/2013/07/ssh-brute-force-the-10-year-old-attack-that-still-persists.html ]