asghan
04-02-2015, 14:25
ciao
guardando i log di sistema di un modem router adsl
alcuni mi sono sembrati molto strani
e mi è sorto il dubbio se a causa qualche bug del SO non sia stato stato compromesso ed usato da terzi
Info Feb 4 13:29:23 LOGIN User tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:29:17 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:29:08 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:29:00 LOGIN User support tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:51 LOGIN User admin tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:45 LOGIN User admin tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:36 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:30 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:28 CONFIGURATION saved by TR69
Info Feb 4 13:27:23 LOGIN User x logged in on [HTTP] (from x.x.x.x)
Info Feb 4 13:26:30 SNTP Synchronised to server: 134.170.185.211
Errore Feb 4 13:26:30 SNTP Systemtime update: time setting 01:11:48 > new time setting: 13:26:30
Info Jan 1 01:11:28 CONFIGURATION saved by TR69
Avvertenza Jan 1 01:11:27 PPP link up (Internet) [78.14.216.243]
Info Jan 1 01:11:27 FIREWALL event (1 of 2): deleted rules
Info Jan 1 01:11:26 PPP CHAP Receive success (Internet)
Info Jan 1 01:11:26 PPP CHAP Receive challenge from rhost c72g2.ca-atm3 (Internet)
Info Jan 1 01:11:20 FIREWALL event (1 of 1): modified rules
Info Jan 1 01:11:20 FIREWALL event (1 of 1): created rules
Avvertenza Jan 1 01:11:20 PPP link down (Internet) [78.14.217.229]
Info Jan 1 01:09:40 FIREWALL event (1 of 1): modified rules
Info Jan 1 01:09:40 FIREWALL event (1 of 1): created rules
Avvertenza Jan 1 01:09:40 PPP link up (Internet) [78.14.217.229]
Info Jan 1 01:09:40 FIREWALL event (1 of 2): deleted rules
Info Jan 1 01:09:40 PPP CHAP Receive success (Internet)
Info Jan 1 01:09:39 PPP CHAP Receive challenge from rhost c72g2.ca-atm3 (Internet)
Info Jan 1 01:09:32 xDSL linestate up (ITU-T G.992.5; downstream: 5553 kbit/s, upstream: 478 kbit/s; output Power Down: 20.9 dBm, Up: 12.0 dBm; line Attenuation Down: 26.0 dB, Up: 14.0 dB; snr Margin Down: 12.1 dB, Up: 22.7 dB)
Avvertenza Jan 1 01:06:48 SNTP Unable to contact server: xxxxxxx
Avvertenza Jan 1 01:06:21 PPP link down (Internet) [78.14.222.72]
Info Jan 1 01:05:56 FIREWALL event (1 of 1): modified rules
Info Jan 1 01:05:56 FIREWALL event (1 of 1): created rules
Info Jan 1 01:05:56 xDSL linestate down
Info Jan 1 01:03:31 FIREWALL event (1 of 22): modified rules
Info Jan 1 01:03:31 FIREWALL event (1 of 38): created rules
Avvertenza Jan 1 01:03:31 PPP link up (Internet) [xxxxxxxxx]
Info Jan 1 01:03:31 FIREWALL event (1 of 7): deleted rules
Info Jan 1 01:03:30 PPP CHAP Receive success (Internet)
Info Jan 1 01:03:30 PPP CHAP Receive challenge from rhost c72g2.ca-atm3 (Internet)
Info Jan 1 01:03:26 xDSL linestate up (ITU-T G.992.5; downstream: 5432 kbit/s, upstream: 478 kbit/s; output Power Down: 20.8 dBm, Up: 12.0 dBm; line Attenuation Down: 26.0 dB, Up: 14.0 dB; snr Margin Down: 12.1 dB, Up: 22.8 dB)
specialmente questi
LOGIN User root tried to log in on TELNET
FIREWALL event (1 of 2): deleted rules
grazie per l opinione
guardando i log di sistema di un modem router adsl
alcuni mi sono sembrati molto strani
e mi è sorto il dubbio se a causa qualche bug del SO non sia stato stato compromesso ed usato da terzi
Info Feb 4 13:29:23 LOGIN User tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:29:17 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:29:08 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:29:00 LOGIN User support tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:51 LOGIN User admin tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:45 LOGIN User admin tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:36 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:30 LOGIN User root tried to log in on TELNET (41.253.143.41)
Info Feb 4 13:28:28 CONFIGURATION saved by TR69
Info Feb 4 13:27:23 LOGIN User x logged in on [HTTP] (from x.x.x.x)
Info Feb 4 13:26:30 SNTP Synchronised to server: 134.170.185.211
Errore Feb 4 13:26:30 SNTP Systemtime update: time setting 01:11:48 > new time setting: 13:26:30
Info Jan 1 01:11:28 CONFIGURATION saved by TR69
Avvertenza Jan 1 01:11:27 PPP link up (Internet) [78.14.216.243]
Info Jan 1 01:11:27 FIREWALL event (1 of 2): deleted rules
Info Jan 1 01:11:26 PPP CHAP Receive success (Internet)
Info Jan 1 01:11:26 PPP CHAP Receive challenge from rhost c72g2.ca-atm3 (Internet)
Info Jan 1 01:11:20 FIREWALL event (1 of 1): modified rules
Info Jan 1 01:11:20 FIREWALL event (1 of 1): created rules
Avvertenza Jan 1 01:11:20 PPP link down (Internet) [78.14.217.229]
Info Jan 1 01:09:40 FIREWALL event (1 of 1): modified rules
Info Jan 1 01:09:40 FIREWALL event (1 of 1): created rules
Avvertenza Jan 1 01:09:40 PPP link up (Internet) [78.14.217.229]
Info Jan 1 01:09:40 FIREWALL event (1 of 2): deleted rules
Info Jan 1 01:09:40 PPP CHAP Receive success (Internet)
Info Jan 1 01:09:39 PPP CHAP Receive challenge from rhost c72g2.ca-atm3 (Internet)
Info Jan 1 01:09:32 xDSL linestate up (ITU-T G.992.5; downstream: 5553 kbit/s, upstream: 478 kbit/s; output Power Down: 20.9 dBm, Up: 12.0 dBm; line Attenuation Down: 26.0 dB, Up: 14.0 dB; snr Margin Down: 12.1 dB, Up: 22.7 dB)
Avvertenza Jan 1 01:06:48 SNTP Unable to contact server: xxxxxxx
Avvertenza Jan 1 01:06:21 PPP link down (Internet) [78.14.222.72]
Info Jan 1 01:05:56 FIREWALL event (1 of 1): modified rules
Info Jan 1 01:05:56 FIREWALL event (1 of 1): created rules
Info Jan 1 01:05:56 xDSL linestate down
Info Jan 1 01:03:31 FIREWALL event (1 of 22): modified rules
Info Jan 1 01:03:31 FIREWALL event (1 of 38): created rules
Avvertenza Jan 1 01:03:31 PPP link up (Internet) [xxxxxxxxx]
Info Jan 1 01:03:31 FIREWALL event (1 of 7): deleted rules
Info Jan 1 01:03:30 PPP CHAP Receive success (Internet)
Info Jan 1 01:03:30 PPP CHAP Receive challenge from rhost c72g2.ca-atm3 (Internet)
Info Jan 1 01:03:26 xDSL linestate up (ITU-T G.992.5; downstream: 5432 kbit/s, upstream: 478 kbit/s; output Power Down: 20.8 dBm, Up: 12.0 dBm; line Attenuation Down: 26.0 dB, Up: 14.0 dB; snr Margin Down: 12.1 dB, Up: 22.8 dB)
specialmente questi
LOGIN User root tried to log in on TELNET
FIREWALL event (1 of 2): deleted rules
grazie per l opinione