Nytro

Who's DDoSing us this time


It looks like the merry boys are back. I don't really understand why the DDoS attack comes after 00:00; I wonder what time zone they're in? In the USA it's 18:20, in China it's 06:00 in the morning. I have no idea.

What's interesting is that they come from IPs all over the world. For lack of sleep I did reverse DNS on some of them, and the result looks something like this:


Nothing seems unusual, but I was surprised to see many purchased servers: securefastserver.com, fastwebserver.de, your-server.de, a few from compute.amazonaws.com, dedicated.hosteurope.de... I wonder, were they all caught with our Romanian "./scanu", or did someone invest in this?

Hm, anyway, whoever is behind the attacks is not exactly an intelligent person. Over 570 unique IPs were used; with that many it was fairly easy to take down a server, but I didn't even need to DROP them, because the attack didn't even put load on the server.

This is the list of IPs:


If you logged in after 00:00, you may no longer have access. Send me a PM with your IP address and it will be sorted out.

I'd have a request for those with the SSH bruteforcers: try a few IPs from the list and see whether they have classic IPs: qwerty or whatever other dictionary password. It's possible they were found that way.

Have fun.

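An added example (not part of the original post): a small triage script for the observation above that many attack sources resolve to rented servers. It buckets reverse-DNS names into hosting, subscriber access, other and no-PTR, and groups hosting IPs per provider so they can be sent to that provider's abuse desk; the provider suffixes come from the post, while the access-line keywords and the sample records are assumptions constructed here.

```python
import re
from collections import Counter, defaultdict

# Hosting-provider suffixes named in the post, widened to the parent domain
# where needed (amazonaws.com also covers compute-1 / <region>.compute names).
HOSTING_SUFFIXES = ("securefastserver.com", "fastwebserver.de",
                    "your-server.de", "amazonaws.com", "hosteurope.de")
# Assumption: labels that usually indicate subscriber access lines.
ACCESS_HINT = re.compile(r"adsl|pppoe|dial|broadband|wimax|dynamic", re.I)

def provider_of(hostname):
    """Return the matching hosting suffix, or None (label-boundary match)."""
    name = hostname.lower().rstrip(".")
    for suffix in HOSTING_SUFFIXES:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None

def classify(hostname):
    """Bucket one PTR name: hosting, access, other, or no-ptr."""
    if not hostname:
        return "no-ptr"
    if provider_of(hostname):
        return "hosting"
    if ACCESS_HINT.search(hostname):
        return "access"
    return "other"

def triage(records):
    """records: iterable of (ip, ptr_or_None). Returns (counts, by_provider)."""
    counts, by_provider = Counter(), defaultdict(set)
    for ip, ptr in records:
        kind = classify(ptr)
        counts[kind] += 1
        if kind == "hosting":
            by_provider[provider_of(ptr)].add(ip)
    return counts, {p: sorted(ips) for p, ips in by_provider.items()}

# Constructed sample: documentation-range IPs with made-up PTR names.
SAMPLE = [
    ("192.0.2.10", "static.10.2.0.192.clients.your-server.de"),
    ("192.0.2.11", "ec2-192-0-2-11.compute-1.amazonaws.com"),
    ("192.0.2.12", "hosted-by.securefastserver.com"),
    ("198.51.100.7", "adsl-198-51-100-7.isp.example"),
    ("198.51.100.8", "pppoe-dynamic-pool-8.isp.example"),
    ("203.0.113.5", "mail.corp.example"),
    ("203.0.113.6", None),                 # no reverse record at all
    ("203.0.113.9", "notyour-server.de"),  # must not match your-server.de
]

if __name__ == "__main__":
    counts, by_provider = triage(SAMPLE)
    print(dict(counts))
    for provider, ips in sorted(by_provider.items()):
        print(provider, ips)
```

PTR records are set by whoever controls the address block, so the buckets are a hint for where to send abuse reports, not proof of who operates a host.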

PMA or PLESK. Those are the only ones that catch a lot. I'm telling you from my own experience; I too ran those scanners into the ground, also for DDoS. In short: ENVY!

I'm putting them all through a scan now; if it logs in on any of them I'll let you know, and I'll also see the person who's been messing around as root :D

You'll surely find a perl bot. Look carefully in /tmp, /var/tmp... That's generally where the perl bot is run.


Romanian roots are hard to catch :) You need to know some good IP classes.

Very hard on routers ... admin:admin admin:default admin:12345678

//Le2: for roots, copy from here the list of the most common first names/surnames, Listă de prenume românești - Wikipedia, and generate the passfile like this:


for i in `cat listanume.txt | tr '[A-Z]' '[a-z]'`;do echo $i:$i;for u in 1 12 123 2010 2011 2012 2013 2014; do echo $i:$i$u;done;done

//Le3: Romanian IP classes: https://www.countryipblocks.net/country_selection.php , tick Romania / CIDR and that's it.

Let us know afterwards how hard Romanian roots are to catch :P

Edited by Dubfx

On ssh22 it's extremely hard to catch anything, because Romanians don't really set passwords like qwerty or whatever :). I caught most of my Romanian roots with the exim scanner. PMA catches too, the new versions.
