Notes on reading freeSSHd.log

I installed freeSSHd and configured it to write freeSSHd.log.

01-04-2010 19:30:53 Error in starting SSH server: Generic error for access violation.

freeSSHdService.exe is already running as a service, so the freeSSHdService.exe that the user started by double-clicking cannot start the SSH server, because port 22 is already in use.

01-04-2010 19:30:53 Tray icon shown (admin logged in)

The tray icon was shown because an administrator is logged in.

01-04-2010 19:31:01 Telnet server stopped.
01-04-2010 19:31:01 SSH server stopped.
01-04-2010 19:31:03 Telnet server stopped.
01-04-2010 19:31:03 SSH server stopped.

The servers probably stopped because I regenerated the RSA and DSA public keys at 2048 bits each.

01-04-2010 19:31:09 Error in starting SSH server: Generic error for access violation.
01-04-2010 19:31:09 Tray icon shown (admin logged in)

I had missed a setting or something of the sort, so I ran it by double-clicking.

01-04-2010 19:33:19 SSH server started.
01-04-2010 19:33:19 Tray icon not show (no admin rights)

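I restarted the computer. freeSSHdService.exe, running as a service, started the SSH server. Apparently the tray icon is not shown because this is not an administrator login. I would like to make it show the icon, so I will look for a solution on the freeSSHd forum.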

01-04-2010 19:40:36 IP 59.106.19.171 SSH connection attempt.
01-04-2010 19:40:36 IP 59.106.19.171 SSH  disconnected.
01-04-2010 19:41:43 IP 59.106.19.171 SSH connection attempt.
01-04-2010 19:41:43 IP 59.106.19.171 SSH  disconnected.

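These are access records from the port checker "ポートチェッカー ニュー速VIP VIPPERの提供するVIPサービス" (a port-checking service provided by VIPPER). Running nslookup on it also returned this address.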

01-04-2010 21:27:01 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:27:01 IP 121.166.139.* SSH  disconnected.
01-04-2010 21:28:18 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:21 IP 121.166.139.* SSH admin: user unknown.
01-04-2010 21:28:21 IP 121.166.139.* SSH admin disconnected.
01-04-2010 21:28:21 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:24 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:28:24 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:25 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:28:28 IP 121.166.139.* SSH stud: user unknown.
01-04-2010 21:28:28 IP 121.166.139.* SSH stud disconnected.
01-04-2010 21:28:28 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:31 IP 121.166.139.* SSH trash: user unknown.
01-04-2010 21:28:31 IP 121.166.139.* SSH trash disconnected.
01-04-2010 21:28:31 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:37 IP 121.166.139.* SSH aaron: user unknown.
01-04-2010 21:28:37 IP 121.166.139.* SSH aaron disconnected.
01-04-2010 21:28:37 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:40 IP 121.166.139.* SSH gt05: user unknown.
01-04-2010 21:28:40 IP 121.166.139.* SSH gt05 disconnected.
01-04-2010 21:28:40 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:43 IP 121.166.139.* SSH william: user unknown.
01-04-2010 21:28:43 IP 121.166.139.* SSH william disconnected.
01-04-2010 21:28:43 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:46 IP 121.166.139.* SSH stephanie: user unknown.
01-04-2010 21:28:46 IP 121.166.139.* SSH stephanie disconnected.
01-04-2010 21:28:49 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:52 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:28:52 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:28:52 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:55 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:28:55 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:28:55 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:28:57 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:28:58 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:28:58 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:00 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:29:01 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:29:01 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:04 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:29:04 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:29:04 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:07 IP 121.166.139.* SSH gary: user unknown.
01-04-2010 21:29:07 IP 121.166.139.* SSH gary disconnected.
01-04-2010 21:29:07 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:10 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:29:10 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:29:10 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:13 IP 121.166.139.* SSH guest: user unknown.
01-04-2010 21:29:13 IP 121.166.139.* SSH guest disconnected.
01-04-2010 21:29:16 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:19 IP 121.166.139.* SSH test: user unknown.
01-04-2010 21:29:19 IP 121.166.139.* SSH test disconnected.
01-04-2010 21:29:19 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:21 IP 121.166.139.* SSH oracle: user unknown.
01-04-2010 21:29:22 IP 121.166.139.* SSH oracle disconnected.
01-04-2010 21:29:22 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:25 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:29:25 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:29:25 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:28 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:29:28 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:29:31 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:34 IP 121.166.139.* SSH root: user unknown.
01-04-2010 21:29:34 IP 121.166.139.* SSH root disconnected.
01-04-2010 21:29:43 IP 121.166.139.* SSH connection attempt.
01-04-2010 21:29:44 IP 121.166.139.* SSH  disconnected.

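I have masked part of the IP address. This is a record of a cracking attempt from South Korea. Dozens of attempts were made, and 12 distinct user names appeared.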

  • (no user name)
  • admin
  • root
  • stud
  • trash
  • aaron
  • gt05
  • william
  • stephanie
  • gary
  • guest
  • test
  • oracle
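
The tally above can be produced automatically. The following is an added example, not part of the original memo: it parses lines in the freeSSHd.log format shown here and reports, per source address, how many "user unknown" failures occurred and which user names were tried. The sample addresses, the user "alice", the function names and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's log format; addresses and "alice" are made up.
SAMPLE_LOG = """\
01-04-2010 21:28:18 IP 203.0.113.7 SSH connection attempt.
01-04-2010 21:28:21 IP 203.0.113.7 SSH admin: user unknown.
01-04-2010 21:28:21 IP 203.0.113.7 SSH admin disconnected.
01-04-2010 21:28:24 IP 203.0.113.7 SSH root: user unknown.
01-04-2010 21:28:28 IP 203.0.113.7 SSH stud: user unknown.
01-04-2010 21:28:52 IP 203.0.113.7 SSH root: user unknown.
01-04-2010 21:29:44 IP 203.0.113.7 SSH  disconnected.
01-04-2010 21:52:00 IP 198.51.100.20 SSH connection attempt.
01-04-2010 21:52:16 IP 198.51.100.20 SSH alice successfully logged on using public key.
01-04-2010 21:52:16 Shell service granted to user alice.
"""

# "<date> <time> IP <addr> SSH <message>"; lines without "IP" carry no source.
LINE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) IP (\S+) SSH (.*)$")
UNKNOWN = re.compile(r"^(\S+): user unknown\.$")
LOGON = re.compile(r"^(\S+) successfully logged on using (.+)\.$")


def summarize(log_text):
    """Per source address: connection attempts, unknown-user failures, logons."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown": 0,
                                 "users": set(), "logons": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # server start/stop, tray icon, service grants
        _ts, ip, msg = m.groups()
        entry = stats[ip]
        if msg == "connection attempt.":
            entry["attempts"] += 1
        elif (u := UNKNOWN.match(msg)):
            entry["unknown"] += 1
            entry["users"].add(u.group(1))
        elif (u := LOGON.match(msg)):
            entry["logons"].append(u.groups())
    return dict(stats)


def guessing_sources(stats, min_unknown=3, min_users=2):
    """Addresses that tried several non-existent accounts and never logged on."""
    return sorted(ip for ip, s in stats.items()
                  if s["unknown"] >= min_unknown
                  and len(s["users"]) >= min_users and not s["logons"])
```

Masked addresses such as 121.166.139.* are matched as well, because the address field is read as any run of non-space characters.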

Time to review the freeSSHd settings. There is an IP address input field, and "deny this address" is the default. I will enter the IP address I connect from and select "allow this address".

What follows is the log of an SSH connection from a remote location, with the IP address and user name masked.

01-04-2010 21:52:00 IP *.*.*.* SSH connection attempt.

A "connection attempt" entry is logged every time a connection is made. The cause is unknown.

01-04-2010 21:52:16 IP *.*.*.* SSH **** successfully logged on using public key.

User **** logged on using a public key.

01-04-2010 21:52:16 Shell service granted to user ****.

Here, cmd.exe serves as the shell.

01-04-2010 21:52:26 Tunneling service granted to user ****.

This indicates that SSH tunneling was started.

01-04-2010 21:53:10 IP *.*.*.* SSH **** disconnected.

This indicates the disconnection.