Blocking Attacking IPs
2012.12.02 18:53
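I don't know the reason, but a specific IP (163.19.184.101) has been confirmed to be attacking the server continuously for several days.
As a result, a warning log file tens of gigabytes in size was created... In the aftermath, the system disk filled up and some services had problems.
Looking up the attacking IP, it turns out to belong to a national university in Taiwan.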
% [whois.apnic.net node-3]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 163.13.0.0 - 163.32.255.255
netname: TANET-B
descr: imported inetnum object for MOEC
country: TW
admin-c: TA61-AP
tech-c: TA61-AP
status: ALLOCATED PORTABLE
notify: ZCHEN@twnmoe10.edu.tw
mnt-by: MAINT-TW-TWNIC
changed: hostmaster@arin.net 20020610
changed: hm-changed@apnic.net 20030407
changed: hm-changed@apnic.net 20040926
changed: hm-changed@apnic.net 20041214
changed: hm-changed@apnic.net 20050119
changed: hostmaster@twnic.net.tw 20050131
source: APNIC
person: TANET ADMIN
nic-hdl: TA61-AP
e-mail: tanetadm@moe.edu.tw
address: 12F, No 106, Sec. 2, Heping E. Rd., Taipei
address: Taipei, 106, R.O.C
phone: +886-2-2737-7044
fax-no: +886-2-2737-7043
country: TW
changed: hostmaster@twnic.net.tw 20090212
mnt-by: MAINT-TW-TWNIC
source: APNIC
inetnum: 163.19.0.0 - 163.19.255.255
netname: T-HCRC.EDU.TW-NET
descr: Taipei Taiwan
country: TW
admin-c: AH171-TW
tech-c: AH171-TW
mnt-by: MAINT-TW-TWNIC
remarks: This information has been partially mirrored by APNIC from
remarks: TWNIC. To obtain more specific information, please use the
remarks: TWNIC whois server at whois.twnic.net.
changed: chuang@mail.moe.gov.tw 19921220
status: ASSIGNED NON-PORTABLE
source: TWNIC
person: Admin
address: HsinChu Taiwan
country: TW
e-mail: abuse@hcrc.edu.tw
nic-hdl: AH171-TW
changed: hostmaster@twnic.net.tw 20041018
source: TWNIC
Without taking any other action, I simply blocked that IP on the server.
If the same attack is later seen from the same IP range, I plan to block the entire range (163.13.0.0 - 163.32.255.255).
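The whois output above contains two nested inetnum objects, and the wider one is not a single CIDR block. The following is an added example, not part of the original post: it parses the inetnum lines, picks the narrowest range containing the attacking IP, and converts each start-end range into the CIDR blocks a firewall rule would need. `WHOIS_SAMPLE` is constructed from the two inetnum objects in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two inetnum objects from the whois output in the
# post, trimmed to the fields this example uses.
WHOIS_SAMPLE = """\
inetnum: 163.13.0.0 - 163.32.255.255
netname: TANET-B
country: TW
inetnum: 163.19.0.0 - 163.19.255.255
netname: T-HCRC.EDU.TW-NET
country: TW
"""

INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def parse_inetnums(whois_text):
    """Return (first, last) IPv4Address pairs for every inetnum object."""
    return [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
            for a, b in INETNUM_RE.findall(whois_text)]


def range_size(first, last):
    """Number of addresses in an inclusive start-end range."""
    return int(last) - int(first) + 1


def most_specific_range(whois_text, ip):
    """Smallest inetnum range that contains ip, or None if none does."""
    addr = ipaddress.IPv4Address(ip)
    hits = [(f, l) for f, l in parse_inetnums(whois_text) if f <= addr <= l]
    return min(hits, key=lambda r: range_size(*r)) if hits else None


def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering an arbitrary start-end range."""
    return list(ipaddress.summarize_address_range(first, last))


if __name__ == "__main__":
    attacker = "163.19.184.101"  # the IP named in the post
    for first, last in parse_inetnums(WHOIS_SAMPLE):
        cidrs = range_to_cidrs(first, last)
        print(f"{first} - {last}: {range_size(first, last)} addresses")
        print("  " + " ".join(str(c) for c in cidrs))
    print("narrowest match:", most_specific_range(WHOIS_SAMPLE, attacker))
```

The wider TANET-B allocation needs four CIDR rules and covers 1,310,720 addresses, while the assignment that actually contains 163.19.184.101 is a single /16 of 65,536 addresses.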
Comments: 12
-
guriii
2012.12.03 23:50
-
mp40
2012.12.04 01:38
Looks like students at the Taiwanese national university are interested in hacking too?^^
Sigh... Shadow, thank you for all your hard work, as always.
-
Shadow
2012.12.13 12:39
I have blocked the 5 IPs below, from which the same type of attack on the server was confirmed.
193.107.16.161
37.130.232.1
37.130.232.2
163.19.184.101
www.brusson.com
The Taiwanese university seems to keep being a problem. I plan to block that university's entire range.
-
Shadow
2012.12.13 13:50
I have blocked all addresses in 163.13.0.0 - 163.32.255.255.
-
희망봉
2012.12.13 22:59
Thanks for all the hard work. Keep it up!
-
Shadow
2012.12.17 14:46
[Blocked] tor-exit.burratino.net (82.221.99.229)
% APNIC found the following authoritative answer from: whois.ripe.net
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '82.221.99.224 - 82.221.99.239'
inetnum: 82.221.99.224 - 82.221.99.239
netname: IS-BURRATINONET-20121120
descr: Burratino.net
country: IS
admin-c: AZ4980-RIPE
tech-c: AZ4980-RIPE
status: ASSIGNED PA
mnt-by: IS-SKYRR-MNT
source: RIPE # Filtered
person: Anton Ziukin
address: Sderot 17
address: Tel-aviv 67894
address: Israel
phone: +972 546 681 667
nic-hdl: AZ4980-RIPE
abuse-mailbox: abuse@burratino.net
mnt-by: IS-SKYRR-MNT
source: RIPE # Filtered
% Information related to '82.221.96.0/19AS50613'
route: 82.221.96.0/19
descr: Thor DC
origin: AS50613
mnt-by: THOR-MNT
mnt-lower: THOR-MNT
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.47 (WHOIS4)
-
Shadow
2012.12.17 14:46
[Blocked] 60.189.153.206
% APNIC found the following authoritative answer from: whois.apnic.net
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 60.189.128.0 - 60.189.255.255
netname: CHINANET-ZJ-TZ
country: CN
descr: CHINANET-ZJ Taizhou node network
descr: Zhejiang Telecom
admin-c: CZ4-AP
tech-c: CT24-AP
status: ALLOCATED NON-PORTABLE
changed: auto-dbm@dcb.hz.zj.cn 20060808
mnt-by: MAINT-CHINANET-ZJ
mnt-lower: MAINT-CN-CHINANET-ZJ-TZ
source: APNIC
role: CHINANET ZHEJIANG
address: No. 257 Qingjiang Road, Hangzhou, Zhejiang.310066
country: CN
phone: +86-571-86821752
fax-no: +86-571-86988329
e-mail: antispam@dcb.hz.zj.cn
remarks: send spam reports to antispam@dcb.hz.zj.cn
remarks: and abuse reports to antispam@dcb.hz.zj.cn
remarks: Please include detailed information and times in UTC
admin-c: CZ61-AP
tech-c: CZ61-AP
nic-hdl: CZ4-AP
mnt-by: MAINT-CHINANET-ZJ
changed: hjh@dcb.hz.zj.cn 20050914
source: APNIC
changed: hm-changed@apnic.net 20111114
role: CHINANET-ZJ Taizhou
address: No.668 Shifu Street,Jiaojiang,Taizhou,Zhejiang.318000
country: CN
phone: +86-576-8680619
fax-no: +86-576-8680613
e-mail: anti-spam@mail.tzptt.zj.cn
remarks: send spam reports to anti-spam@mail.tzptt.zj.cn
remarks: and abuse reports to anti-spam@mail.tzptt.zj.cn
remarks: Please include detailed information and times in UTC
admin-c: CH111-AP
tech-c: CH111-AP
nic-hdl: CT24-AP
mnt-by: MAINT-CHINANET-ZJ
changed: master@dcb.hz.zj.cn 20031204
source: APNIC
changed: hm-changed@apnic.net 20111114
-
Shadow
2012.12.17 14:48
[Blocked] server.ranas.co.in (173.193.106.10)
% APNIC found the following authoritative answer from: whois.arin.net
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=173.193.106.10?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 173.192.0.0 - 173.193.255.255
CIDR: 173.192.0.0/15
OriginAS: AS36351
NetName: SOFTLAYER-4-8
NetHandle: NET-173-192-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
Comment: SoftLayer provides on-demand IT infrastructure, dedicated servers and cloud resources.
RegDate: 2009-07-21
Updated: 2012-03-09
Ref: http://whois.arin.net/rest/net/NET-173-192-0-0-1
OrgName: SoftLayer Technologies Inc.
OrgId: SOFTL
Address: 4849 Alpha Rd.
City: Dallas
StateProv: TX
PostalCode: 75244
Country: US
RegDate: 2005-10-26
Updated: 2012-10-24
Ref: http://whois.arin.net/rest/org/SOFTL
ReferralServer: rwhois://rwhois.softlayer.com:4321
OrgTechHandle: IPADM258-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-214-442-0600
OrgTechEmail: ipadmin@softlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/IPADM258-ARIN
OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-442-0601
OrgAbuseEmail: abuse@softlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE1025-ARIN
RTechHandle: IPADM258-ARIN
RTechName: IP Admin
RTechPhone: +1-214-442-0600
RTechEmail: ipadmin@softlayer.com
RTechRef: http://whois.arin.net/rest/poc/IPADM258-ARIN
RNOCHandle: IPADM258-ARIN
RNOCName: IP Admin
RNOCPhone: +1-214-442-0600
RNOCEmail: ipadmin@softlayer.com
RNOCRef: http://whois.arin.net/rest/poc/IPADM258-ARIN
RAbuseHandle: ABUSE1025-ARIN
RAbuseName: Abuse
RAbusePhone: +1-214-442-0601
RAbuseEmail: abuse@softlayer.com
RAbuseRef: http://whois.arin.net/rest/poc/ABUSE1025-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
-
Shadow
2012.12.17 14:49
[Blocked] vikaisp02.vika.no (195.204.97.24)
% APNIC found the following authoritative answer from: whois.ripe.net
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '195.204.96.0 - 195.204.97.255'
inetnum: 195.204.96.0 - 195.204.97.255
netname: AS2116-CUSTOMERNET-VIKAAS
descr: Customer nets
country: NO
admin-c: JK7418-RIPE
tech-c: JK7418-RIPE
status: ASSIGNED PA
mnt-by: AS2116-MNT
source: RIPE # Filtered
person: Jon Kraabol
address: Vika AS
address: STRANDGATA 13C
address: 2815 GJØVIK
phone: +47 48055315
nic-hdl: JK7418-RIPE
mnt-by: AS2116-MNT
source: RIPE # Filtered
% Information related to '195.204.0.0/16AS2116'
route: 195.204.0.0/16
descr: Ventelo
origin: AS2116
mnt-by: AS2116-MNT
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.47 (WHOIS2)
-
Shadow
2012.12.17 14:50
[Blocked] prestodocs.com (83.169.41.245)
% APNIC found the following authoritative answer from: whois.ripe.net
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '83.169.40.0 - 83.169.47.255'
inetnum: 83.169.40.0 - 83.169.47.255
remarks: INFRA-AW
netname: DE-HE-LVPS-NET
descr: Host Europe GmbH
descr: hostmaster@hosteurope.de
country: DE
admin-c: HER
tech-c: HER
status: ASSIGNED PA
mnt-by: HOSTEUROPE-MNT
source: RIPE # Filtered
role: Host Europe Ripehandle
address: Welserstrasse 14
address: 51149 Koeln
phone: +49 2203 1045 0
abuse-mailbox: abuse@hosteurope.de
admin-c: HONK
admin-c: JUPP
admin-c: MATE
admin-c: METT
admin-c: OUZO
admin-c: SEPP
admin-c: WIRR
admin-c: YOR
tech-c: HONK
tech-c: JUPP
tech-c: MATE
tech-c: METT
tech-c: OUZO
tech-c: SEPP
tech-c: WIRR
tech-c: YOR
nic-hdl: HER
mnt-by: HOSTEUROPE-MNT
source: RIPE # Filtered
% Information related to '83.169.0.0/18AS20773'
route: 83.169.0.0/18
descr: DE-HER-83-169-SLASH-18
origin: AS20773
member-of: AS20773:RS-HOSTEUROPE
mnt-by: HOSTEUROPE-MNT
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.47 (WHOIS2)
-
Shadow
2012.12.17 14:51
[Blocked] 193.140.168.54
% APNIC found the following authoritative answer from: whois.ripe.net
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '193.140.168.0 - 193.140.171.255'
inetnum: 193.140.168.0 - 193.140.171.255
netname: KATU-NET
descr: Karadeniz University
country: TR
admin-c: AP2462-RIPE
tech-c: AP2462-RIPE
status: ASSIGNED PA
mnt-by: ULAKNET-MNT
source: RIPE # Filtered
person: Aras Perekli
address: Karadeniz Teknik University
address: Computer Center 61000
address: Trabzon
address: Turkey
phone: +90 462 3250201
nic-hdl: AP2462-RIPE
source: RIPE # Filtered
% Information related to '193.140.0.0/16AS8517'
route: 193.140.0.0/16
descr: ULAKNET
origin: AS8517
mnt-by: ULAKNET-MNT
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.47 (WHOIS2)
-
Shadow
2012.12.17 14:58
[Blocked] www.upesh.edu.pk (121.52.147.5)
% APNIC found the following authoritative answer from: whois.apnic.net
% [whois.apnic.net node-5]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 121.52.147.0 - 121.52.147.15
netname: PERN-PK
descr: PERN IPV4 Allocation for Air University Islamabad
country: PK
admin-c: AC967-AP
tech-c: AR216-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-PK-PERN
changed: arazak@hec.gov.pk 20090401
source: APNIC
route: 121.52.144.0/20
descr: Route-Object
origin: AS45773
country: PK
notify: wakhan@hec.gov.pk
mnt-routes: MAINT-PK-PERN
mnt-by: MAINT-PK-PERN
changed: wakhan@hec.gov.pk 20110617
source: APNIC
route: 121.52.144.0/20
descr: PERN-PK
origin: AS17557
mnt-by: MAINT-PK-PERN
changed: hm-changed@apnic.net 20080115
source: APNIC
person: Abdullah Fayaz Chattha
nic-hdl: AC967-AP
e-mail: achattha@hec.gov.pk
address: Data Center, Higher Education Commission, Sector H-9 Islamabad
phone: +92-51-9040435
fax-no: +92-51-9257529
country: PK
changed: arazak@hec.gov.pk 20070802
mnt-by: MAINT-NEW
source: APNIC
person: Abdul Razak Raja
nic-hdl: AR216-AP
e-mail: arazak@hec.gov.pk
address: Data Center, Higher Education Commission, Sector H-9, Islamabad
address: Pakistan
phone: +92-51-9040416
fax-no: +92-51-9257529
country: PK
changed: arazak@hec.gov.pk 20070706
mnt-by: MAINT-NEW
source: APNIC
A Taiwanese university, yikes