bsd0x Posted September 7, 2020 at 01:36 PM

This project came out of a simple conversation with one of the directors of BS2 internet: we are planning to create a tool to block all traffic that does not originate from Brazil. That said, the project presented here is only a PoC (Proof of Concept) and is not intended to become a professional project.

Anyone who administers hosting servers knows that every day we receive brute-force attacks, denial of service, etc. Mitigation of these attacks is almost always carried out successfully, since the techniques used are already known. Recently, I started analyzing some of the IPs that were blocked on the firewalls and thought about automating this process, at least to find out where the attacks are coming from.

Honeypot

I used a technique to attract attacks, the technique known as a honeypot, which is based on creating a machine to be attacked. I created a machine on Amazon Web Services with the SSH service exposed to the internet, and it did not take long for the attacks to start appearing. The first IP that appeared on my map was a TOR network relay hosted in France; I was a bit surprised, as I was expecting something coming from Russia or China. Two weeks later, I was already receiving attacks from China, Japan, South Korea, etc. I think that, of the six continents that exist on Earth, the only ones I did not receive attacks from were Antarctica and Oceania.

Building the project

I used fail2ban to block the attacks I received; all bans were permanent, to keep the map getting fuller and fuller. Perhaps the only "tool" you may not know is geohash, a system for generating a unique code based on latitude and longitude. It was geohash that allowed the points to appear on the map.
To store the values (ip, latitude, longitude, geohash), I used a very simple and fast database called InfluxDB, and Grafana to query the data in InfluxDB and populate the map. It is a simple solution, but the presentation turned out very elegant. As you can see in the image above, China quickly overtook every other country. These Chinese, lol.

Investigating some IPs

China was the champion of blocks; the curious thing is that all the blocked IPs were within one set. I received a series of attacks coming from a 222.186. network; all the IPs belong to the same organization, CHINANET jiangsu province backbone. Full list of the Chinese IPs coming from the same network.

Now, speaking of Brazil, I received some attacks coming from São Paulo, Rio de Janeiro and Goiânia. Here is the list of IPs.

Full list of blocked and identified IPs

Author: Gabriel "bsd0x" Dutra
Github: github.com/bsd0x
Twitter: https://twitter.com/bsd0x1
-------------------------------------------
root@ip-172-31-70-224:~# influx
Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connected to http://localhost:8086 version 0.10.0
InfluxDB shell 0.10.0
> use fail2ban
Using database fail2ban
> select * from fail2ban_ips;
name: fail2ban_ips
------------------
time country geohash ip localization

Project link on GitHub: https://github.com/bsd0x/fail2ban-attack-monitoring
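
The fail2ban-to-geohash-to-InfluxDB step described in the post above, as an added example that is not part of the original post or the linked project. The measurement name fail2ban_ips and the column names come from the post's InfluxDB output; the tag/field split, the log lines and the geo lookup table are constructed assumptions.

```python
import ipaddress
import re
import time

BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # geohash alphabet (no a, i, l, o)
# Matches the "Ban" notice fail2ban writes to its log for a jail.
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")

# Constructed sample data: documentation-range IPs, and a dict standing in
# for a GeoIP database lookup (country code, latitude, longitude).
SAMPLE_LOG = [
    "2020-08-29 06:12:09,186 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7",
    "2020-08-29 06:12:10,001 fail2ban.filter  [812]: INFO   [sshd] Found 203.0.113.7",
    "2020-08-29 09:00:03,149 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.9",
    "2020-08-29 09:05:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 999.1.1.1",
]
SAMPLE_GEO = {
    "203.0.113.7": ("FR", 48.8534, 2.3488),
    "198.51.100.9": ("US", 40.7143, -74.0060),
}


def geohash_encode(lat, lon, precision=12):
    """Interleave longitude/latitude bisection bits, 5 bits per base32 character."""
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    ranges = {True: [-180.0, 180.0], False: [-90.0, 90.0]}  # True = longitude
    chars, acc, use_lon = [], 0, True  # the first bit always describes longitude
    for bit_index in range(precision * 5):
        rng, value = ranges[use_lon], (lon if use_lon else lat)
        mid = (rng[0] + rng[1]) / 2
        upper = value >= mid
        rng[0 if upper else 1] = mid  # keep the half that contains the point
        acc = (acc << 1) | int(upper)
        use_lon = not use_lon
        if bit_index % 5 == 4:
            chars.append(BASE32[acc])
            acc = 0
    return "".join(chars)


def parse_ban(line):
    """Return the banned IP in canonical form, or None if the line is not a valid ban."""
    match = BAN_RE.search(line)
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group("ip")))
    except ValueError:
        return None  # never pass unvalidated log text on to the database


def ban_points(log_lines, geo, ts_ns=None):
    """Build one InfluxDB line-protocol point per ban that the geo lookup can place."""
    points = []
    for line in log_lines:
        ip = parse_ban(line)
        if ip is None or ip not in geo:
            continue
        country, lat, lon = geo[ip]
        if not re.fullmatch(r"[A-Z]{2}", country):
            continue  # tag values are written unescaped, so accept only ISO-style codes
        stamp = time.time_ns() if ts_ns is None else ts_ns
        # Assumed layout: country and geohash as tags, ip and localization as string fields.
        points.append(
            f"fail2ban_ips,country={country},geohash={geohash_encode(lat, lon)} "
            f'ip="{ip}",localization="{lat:.4f},{lon:.4f}" {stamp}'
        )
    return points


if __name__ == "__main__":
    for point in ban_points(SAMPLE_LOG, SAMPLE_GEO):
        print(point)
```

Each returned string is one line-protocol record; the malformed address in the last sample line and the non-ban "Found" line produce no point.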

andreluna Posted September 8, 2020 at 04:57 PM

About 2 months ago I ran tests with the honeypot https://github.com/cowrie/cowrie (SSH and Telnet only). I was impressed by the number of attacks. I placed servers in several locations around the world (AWS and Digital Ocean). The good thing about this honeypot is that it captures the payload being injected (and stores the payload/malware/shell script/binary/etc). I even managed to see traffic from variants of the Mirai botnet.

The most interesting thing I noticed is:

Servers in the USA - the attacks come largely from China.
Servers in Europe - the attacks come largely from the Middle East and Asia.

Geopolitics in the attacks.

bsd0x Posted September 11, 2020 at 04:10 PM

How cool, my friend! I'll take a look at your project too!

Archived
This topic is now archived and is closed to further replies.