[caiu] NSA scan?

Rafael Ribeiro - iPhone rafaelribeiro.sp at gmail.com
Mon Dec 22 22:13:20 BRST 2014


Either you are not monitoring correctly, or you should play the MegaSena tomorrow, given how lucky you are!

Rafael Ribeiro 
Sent by iPhone

> On 22/12/2014, at 21:49, Roberto Lima <smuxbr at gmail.com> wrote:
> 
> My servers in the US, as well as the AWS sa-east instances, are not
> suffering from this (yet), thank God, haha
> 
> On 22 December 2014 at 20:36, Eduardo Schoedler <listas at esds.com.br>
> wrote:
>> 
>> You are on the internet. Therefore, protect yourself. ;)
>> 
>> On 22 December 2014 at 20:28, Luzemário <luzemario at luzehost.com.br>
>> wrote:
>> 
>>> Who knows, maybe it's the Sony hackers? :D
>>> 
>>>> On Mon, 2014-12-22 at 14:18 -0800, Felipe Rossi wrote:
>>>> 
>>>> I have had this same history of attempts for more than 15 days. Our
>>>> IDS is blocking all the traffic.
>>>> 
>>>> Regards
>>>> 
>>>> Sent from Mailbox
>>>> 
>>>> On Mon, Dec 22, 2014 at 8:12 PM, Eduardo Schoedler <listas at esds.com.br>
>>>> wrote:
>>>> 
>>>>> That is an IP from China... quite normal.
>>>>> http://bgp.he.net/ip/222.186.30.31
>>>>> On 22 December 2014 at 20:10, Luzemário <luzemario at luzehost.com.br>
>>>>> wrote:
>>>>>> It is not only on that port. It is several ports, well known or
>>>>>> not. I am facing this problem at a rather singular moment. I have
>>>>>> a new block where there are no hosts, so I am able to see patterns
>>>>>> that are harder to see when the network is in use. If an IP has
>>>>>> never been disclosed and never used, in theory it is not yet known,
>>>>>> so there should be no packets for it... it is being quite
>>>>>> instructive... :)
>>>>>> 
>>>>>> Right now it is SSH's turn, on every IP in the block:
>>>>>> 
>>>>>> 222.186.30.31:29976    200.0.81.63:22
>>>>>> 222.186.30.31:49104    200.0.81.239:22
>>>>>> 222.186.30.31:65089    200.0.81.227:22
>>>>>> ...
>>>>>> 
>>>>>> And so on. This one at least changes the source port. Over the
>>>>>> last few days I noticed that after some rotation the locations
>>>>>> repeat, which increases my suspicion even more that these are
>>>>>> probes. Apart from the occasional traceroute that someone runs
>>>>>> around here, there is no traffic. Only this probing.
>>>>>> 
>>>>>> Mixed in with normal customer traffic, this easily goes unnoticed...
>>>>>> 
>>>>>> Luzemário
>>>>>> 
>>>>>> On Mon, 2014-12-22 at 21:38 +0000, Fabricio Tadeu Rodrigues Ramirez
>>>>>> wrote:
>>>>>> 
>>>>>>> Luzemario,
>>>>>>> 
>>>>>>> I checked my fw logs and this IP 218.59.238.92 tries to connect
>>>>>>> to all my IPs (different blocks) on port 9064 (same as yours).
>>>>>>> 
>>>>>>> Regards,
>>>>>>> Fabricio Ramirez
>>>>>>> 
>>>>>>> -----Original message-----
>>>>>>> From: caiu-bounces at eng.registro.br [mailto:caiu-bounces at eng.registro.br] On behalf of Luzemário
>>>>>>> Sent: Monday, 22 December 2014 18:55
>>>>>>> To: Lista das indisponibilidades da Internet brasileira
>>>>>>> Subject: [caiu] NSA scan?
>>>>>>> 
>>>>>>> Folks,
>>>>>>> 
>>>>>>> If it were a DDoS it would come from several hosts. It is not
>>>>>>> common for the same IP to fire requests at so many hosts on the
>>>>>>> same port. I have already had this on port 80, 22, 8080... it
>>>>>>> looks like someone searching for a backdoor. The last source IP I
>>>>>>> investigated is from a city in NY. The IP changes from time to
>>>>>>> time, but the pattern is the same. Always requests to the whole
>>>>>>> block on the same port, several times.
>>>>>>> 
>>>>>>> If this is not the NSA, what else could it be?
>>>>>>> 
>>>>>>> Luzemário
>>>>>>> _______________________________________________
>>>>>>> caiu mailing list
>>>>>>> caiu at eng.registro.br
>>>>>>> https://eng.registro.br/mailman/listinfo/caiu
>>>>>>> 
>>>>>>> 
>>>>>>> --> TO LEAVE THE LIST, FOLLOW THE INSTRUCTIONS at:
>>>>>>> 
>>>>>>> https://eng.registro.br/mailman/options/caiu
>>>>> --
>>>>> Eduardo Schoedler
>> --
>> Eduardo Schoedler


More information about the caiu mailing list
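
The pattern the thread describes, a single source sending TCP SYNs to every address of a block on the same port (unlike a DDoS, which comes from many hosts), can be checked mechanically over firewall log lines of the form `action date time interface src:port dst:port proto:flags`. This is an added example, not code from any of the posters; the function names, the documentation-range sample addresses and the 25% coverage threshold are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Log layout assumed: action, timestamp, interface, src ip:port, dst ip:port, proto:flags
LINE = re.compile(
    r"^(?P<action>\w+)\s+(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+):(?P<flags>\w+)$"
)

def find_horizontal_scans(lines, block, min_fraction=0.25):
    """Return {(src, dport): distinct_dst_count} for sources that sent bare TCP
    SYNs to at least min_fraction of the addresses in `block` on one port."""
    net = ip_network(block)
    targets = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["proto"] != "TCP" or m["flags"] != "S":
            continue  # unparsable line, or not a bare SYN
        if ip_address(m["dst"]) in net:
            # Key on source IP and destination port only: the source port may
            # stay fixed or rotate, the fan-out across the block is what counts.
            targets[(m["src"], int(m["dport"]))].add(m["dst"])
    need = max(2, int(net.num_addresses * min_fraction))
    return {k: len(v) for k, v in targets.items() if len(v) >= need}

def sample_log():
    """Constructed sample lines (documentation-range IPs, not real traffic)."""
    pad = " " * 9
    out = []
    for h in range(1, 101):  # one source, fixed source port, 100 hosts, port 9064
        out.append(f"block Dec 22 18:37:24{pad}WAN{pad}198.51.100.7:12200 203.0.113.{h}:9064 TCP:S")
    for h in range(1, 81):   # one source, rotating source port, 80 hosts, SSH
        out.append(f"block Dec 22 20:05:10{pad}WAN{pad}198.51.100.9:{30000 + h} 203.0.113.{h}:22 TCP:S")
    for s in range(1, 61):   # many sources, one destination: DDoS-like, not a scan
        out.append(f"block Dec 22 20:06:00{pad}WAN{pad}192.0.2.{s}:40000 203.0.113.5:80 TCP:S")
    out.append(f"pass Dec 22 20:07:00{pad}WAN{pad}192.0.2.200:51000 203.0.113.5:443 TCP:S")
    return out

if __name__ == "__main__":
    hits = find_horizontal_scans(sample_log(), "203.0.113.0/24")
    for (src, port), n in sorted(hits.items()):
        print(f"{src} probed {n} addresses on port {port}")
```

On an unused block, as in the thread, any hit is suspect, so the threshold can be lowered; on a block carrying customer traffic it has to stay high enough that busy legitimate clients are not flagged.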