아래와 같은 메일이 왔습니다. 어떻게 해야하나요?
작성자 정보
- 초보 작성
- 작성일
컨텐츠 정보
- 1,908 조회
- 0 추천
- 목록
본문
회사에서 웹호스팅업체를 쓰고있는데. 아래와 같은 메일이 왔습니다.
어떻게 해야하나요? 답변 부탁드립니다.
첫번째 메일========================================================
>
> 해당IP의 장비에 관한 해킹시도 관련메일을 접수받았습니다. 메일원본을 확인하시고, 장비점검및 후속조치에 관한 내용을 회신해 주시기 바랍니다. 아래는 신고메일 원본입니다.
>
> KST-733b183e17295
>
> -----Original Message-----
> From: Steven M. Schweda [mailto:sms@antinode.org]
> Sent: Friday, July 08, 2005 12:15 AM
> To:
> Subject: SSH break-in attempts from 211.43.206.106
>
>
>
> Anything you could do to discourage this behavior would be
> appreciated. Times are local, US CDT = UTC-5:00:
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network login failure
> Event time: 7-JUL-2005 04:03:50.31
> PID: 20207DF0
> Process name: TCPIP$SS_BG6100
> Username: TCPIP$SSH
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network login failure
> Event time: 7-JUL-2005 04:03:57.19
> PID: 20207DF1
> Process name: TCPIP$SS_BG6104
> Username: TCPIP$SSH
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network login failure
> Event time: 7-JUL-2005 04:04:05.23
> PID: 20207DF2
> Process name: TCPIP$SS_BG6108
> Username: TCPIP$SSH
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network login failure
> Event time: 7-JUL-2005 04:04:10.31
> PID: 20207DF3
> Process name: TCPIP$SS_BG6112
> Username: TCPIP$SSH
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network login failure
> Event time: 7-JUL-2005 04:04:15.35
> PID: 20207DF5
> Process name: TCPIP$SS_BG6117
> Username: TCPIP$SSH
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:20.34
> PID: 20207DF7
> Process name: TCPIP$SS_BG6121
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:25.33
> PID: 20207DF8
> Process name: TCPIP$SS_BG6125
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:30.34
> PID: 20207DF9
> Process name: TCPIP$SS_BG6129
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:35.33
> PID: 20207DFA
> Process name: TCPIP$SS_BG6133
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:41.09
> PID: 20207DFB
> Process name: TCPIP$SS_BG6137
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:45.83
> PID: 20207DFC
> Process name: TCPIP$SS_BG6141
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:50.68
> PID: 20207DFD
> Process name: TCPIP$SS_BG6145
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:04:55.70
> PID: 20207BFE
> Process name: TCPIP$SS_BG6149
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:00.88
> PID: 20204602
> Process name: TCPIP$SS_BG6153
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:09.03
> PID: 20207E04
> Process name: TCPIP$SS_BG6157
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:14.16
> PID: 20207E05
> Process name: TCPIP$SS_BG6161
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:19.46
> PID: 20207E09
> Process name: TCPIP$SS_BG6165
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:24.58
> PID: 20207E10
> Process name: TCPIP$SS_BG6169
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:30.02
> PID: 20207E14
> Process name: TCPIP$SS_BG6173
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:35.46
> PID: 20207E15
> Process name: TCPIP$SS_BG6177
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:40.89
> PID: 20207E1E
> Process name: TCPIP$SS_BG6181
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:46.45
> PID: 20207E1F
> Process name: TCPIP$SS_BG6185
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:52.94
> PID: 20207E20
> Process name: TCPIP$SS_BG6189
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:05:58.39
> PID: 20207E21
> Process name: TCPIP$SS_BG6193
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:03.90
> PID: 20207E22
> Process name: TCPIP$SS_BG6197
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:10.21
> PID: 20207E24
> Process name: TCPIP$SS_BG6201
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:15.88
> PID: 20207E25
> Process name: TCPIP$SS_BG6206
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:21.50
> PID: 20207E27
> Process name: TCPIP$SS_BG6210
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:26.99
> PID: 20207E28
> Process name: TCPIP$SS_BG6214
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:32.77
> PID: 20207E29
> Process name: TCPIP$SS_BG6218
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:38.25
> PID: 2020282C
> Process name: TCPIP$SS_BG6222
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:43.77
> PID: 20207E30
> Process name: TCPIP$SS_BG6226
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:49.34
> PID: 20207E40
> Process name: TCPIP$SS_BG6230
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:06:55.10
> PID: 20207E41
> Process name: TCPIP$SS_BG6234
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:00.77
> PID: 20207E42
> Process name: TCPIP$SS_BG6238
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:06.35
> PID: 20207E43
> Process name: TCPIP$SS_BG6242
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:12.19
> PID: 20207E44
> Process name: TCPIP$SS_BG6246
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:18.22
> PID: 20207E45
> Process name: TCPIP$SS_BG6250
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:24.23
> PID: 20207E46
> Process name: TCPIP$SS_BG6254
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:29.96
> PID: 20207E47
> Process name: TCPIP$SS_BG6258
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:35.78
> PID: 20207E48
> Process name: TCPIP$SS_BG6262
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:41.76
> PID: 20207E49
> Process name: TCPIP$SS_BG6266
> Username: TCPIP$SSH
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-NOTVALID, user authorization failure
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:47.72
> PID: 20207E4A
> Process name: TCPIP$SS_BG6270
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:07:47.81
> PID: 20207E4A
> Process name: TCPIP$SS_BG6270
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1383
> Original: 1382
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:07:53.79
> PID: 20207E4B
> Process name: TCPIP$SS_BG6274
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:07:53.85
> PID: 20207E4B
> Process name: TCPIP$SS_BG6274
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1384
> Original: 1383
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:00.25
> PID: 20207E4D
> Process name: TCPIP$SS_BG6278
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:00.31
> PID: 20207E4D
> Process name: TCPIP$SS_BG6278
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1385
> Original: 1384
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:06.56
> PID: 20207E4E
> Process name: TCPIP$SS_BG6282
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:06.62
> PID: 20207E4E
> Process name: TCPIP$SS_BG6282
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1386
> Original: 1385
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:12.80
> PID: 20207E4F
> Process name: TCPIP$SS_BG6286
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:12.86
> PID: 20207E4F
> Process name: TCPIP$SS_BG6286
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1387
> Original: 1386
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:19.25
> PID: 20207C50
> Process name: TCPIP$SS_BG6291
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:19.31
> PID: 20207C50
> Process name: TCPIP$SS_BG6291
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1388
> Original: 1387
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:27.09
> PID: 20207E51
> Process name: TCPIP$SS_BG6295
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:27.17
> PID: 20207E51
> Process name: TCPIP$SS_BG6295
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1389
> Original: 1388
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:33.71
> PID: 20207E52
> Process name: TCPIP$SS_BG6299
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:33.76
> PID: 20207E52
> Process name: TCPIP$SS_BG6299
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1390
> Original: 1389
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:39.98
> PID: 20207E53
> Process name: TCPIP$SS_BG6303
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:40.04
> PID: 20207E53
> Process name: TCPIP$SS_BG6303
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1391
> Original: 1390
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:46.44
> PID: 20207E54
> Process name: TCPIP$SS_BG6307
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:46.50
> PID: 20207E54
> Process name: TCPIP$SS_BG6307
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1392
> Original: 1391
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:53.11
> PID: 20207E55
> Process name: TCPIP$SS_BG6311
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:53.19
> PID: 20207E55
> Process name: TCPIP$SS_BG6311
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1393
> Original: 1392
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: Network breakin detection
> Event time: 7-JUL-2005 04:08:59.80
> PID: 20207E56
> Process name: TCPIP$SS_BG6315
> Username: ROOT
> Password:
> Remote node fullname: SSH_PASSWORD:211.43.206.106
> Remote username: SSH_D32BCE6A
> Status: %LOGIN-F-EVADE, break-in evasion in effect
>
> Security alarm (SECURITY) and security audit (SECURITY) on ALP, system id: 1119
> Auditable event: System UAF record modification
> Event time: 7-JUL-2005 04:08:59.86
> PID: 20207E56
> Process name: TCPIP$SS_BG6315
> Username: TCPIP$SSH
> Process owner: [TCPIP$AUX,TCPIP$SSH]
> Image name: ALP$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$SSH_SSHD2.EXE
> Object class name: FILE
> Object name: SYS$COMMON:[SYSEXE]SYSUAF.DAT;1
> User record: ROOT
> Flags: New: (none)
> Original: (none)
> Login failures: New: 1394
> Original: 1393
>
> ------------------------------------------------------------------------
>
> Steven M. Schweda (+1) 651-699-9818
> 382 South Warwick Street sms@antinode.org
> Saint Paul MN 55105-2547
> ===============================================================
==================================================================
두번째 메일입니다.==================================================
>
> 해당IP의 장비에 관한 포트스캔 관련메일을 접수받았습니다. 메일원본을 확인하시고, 장비점검및 후속조치에 관한 내용을 회신해 주시기 바랍니다. 아래는 신고메일 원본입니다.
>
> KST-793593963a53b
>
> -----Original Message-----
> From: Incident Response [mailto:please_do_not_reply@securepipe.com]
> Sent: Friday, July 08, 2005 04:25 AM
> To: security@kidc.net
> Subject: 211.43.206.106 Abuse: Network Probe 22/tcp (ssh)
>
>
>
>
> ****
> The following report is advisory -- THERE IS NO NEED TO REPLY.
> Replies to this email are assumed to be autoresponses.
>
> If you have questions about this report, please see:
> http://www.securepipe.com/incident_reporting/reports.html
>
> If you have received this complaint in error, please email:
> incident.inquiry-68582712@securepipe.com
>
> ****
> SUSPECT IP: 211.43.206.106
>
> A user, apparently on your network, probed port 22 (ssh) on the IPs shown
> in the log excerpt below. Given vulnerabilities in some implementations,
> as well as its uses in automated OS scanning, this network probe should
> be regarded as a hostile action.
>
>
> All timestamps are in GMT
>
> Jul 7 03:21:36 DENY proto tcp SRC=211.43.206.106 DST=209.69.181.130 LEN=60 TTL=42 ID=26802 DF SPT=35741 DPT=22 WINDOW=5840 SYN
> Jul 7 03:21:39 DENY proto tcp SRC=211.43.206.106 DST=209.69.181.130 LEN=60 TTL=42 ID=26803 DF SPT=35741 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:53 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.80 LEN=60 TTL=46 ID=47534 DF SPT=40674 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:53 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.81 LEN=60 TTL=46 ID=23542 DF SPT=40675 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:53 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.82 LEN=60 TTL=46 ID=20388 DF SPT=40676 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:53 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.92 LEN=60 TTL=46 ID=22912 DF SPT=40686 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:53 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.94 LEN=60 TTL=46 ID=17077 DF SPT=40688 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:53 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.95 LEN=60 TTL=46 ID=28701 DF SPT=40689 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:56 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.80 LEN=60 TTL=46 ID=47535 DF SPT=40674 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:56 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.81 LEN=60 TTL=46 ID=23543 DF SPT=40675 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:56 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.82 LEN=60 TTL=46 ID=20389 DF SPT=40676 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:56 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.92 LEN=60 TTL=46 ID=22913 DF SPT=40686 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:56 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.94 LEN=60 TTL=46 ID=17078 DF SPT=40688 DPT=22 WINDOW=5840 SYN
> Jul 7 09:53:56 DENY proto tcp SRC=211.43.206.106 DST=209.83.44.95 LEN=60 TTL=46 ID=28702 DF SPT=40689 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=192.169.101.100 LEN=60 TTL=46 ID=22579 DF SPT=47544 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.72 LEN=60 TTL=46 ID=13242 DF SPT=47541 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.73 LEN=60 TTL=46 ID=60517 DF SPT=47542 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.74 LEN=60 TTL=46 ID=20674 DF SPT=47543 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.76 LEN=60 TTL=46 ID=38984 DF SPT=47545 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.78 LEN=60 TTL=46 ID=10489 DF SPT=47547 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:54 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.79 LEN=60 TTL=46 ID=63380 DF SPT=47548 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=192.169.101.100 LEN=60 TTL=46 ID=22580 DF SPT=47544 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.72 LEN=60 TTL=46 ID=13243 DF SPT=47541 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.73 LEN=60 TTL=46 ID=60518 DF SPT=47542 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.74 LEN=60 TTL=46 ID=20675 DF SPT=47543 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.76 LEN=60 TTL=46 ID=38985 DF SPT=47545 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.78 LEN=60 TTL=46 ID=10490 DF SPT=47547 DPT=22 WINDOW=5840 SYN
> Jul 7 09:55:57 DENY proto tcp SRC=211.43.206.106 DST=209.83.73.79 LEN=60 TTL=46 ID=63381 DF SPT=47548 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44859 209.83.100.98:22 L=60 S=0x00 I=35471 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44863 209.83.100.102:22 L=60 S=0x00 I=45670 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44864 209.83.100.103:22 L=60 S=0x00 I=47660 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44865 209.83.100.104:22 L=60 S=0x00 I=44537 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44869 209.83.100.108:22 L=60 S=0x00 I=28847 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44876 209.83.100.115:22 L=60 S=0x00 I=16623 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44877 209.83.100.116:22 L=60 S=0x00 I=57907 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44881 209.83.100.120:22 L=60 S=0x00 I=33277 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44882 209.83.100.121:22 L=60 S=0x00 I=43484 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44885 209.83.100.124:22 L=60 S=0x00 I=46728 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44886 209.83.100.125:22 L=60 S=0x00 I=16831 F=0x4000 T=46 SYN
> Jul 7 09:58:00 DENY proto tcp 211.43.206.106:44887 209.83.100.126:22 L=60 S=0x00 I=17675 F=0x4000 T=46 SYN
> Jul 7 09:58:01 DENY proto tcp 211.43.206.106:44868 209.83.100.107:22 L=60 S=0x00 I=57033 F=0x4000 T=46 SYN
> Jul 7 09:58:01 DENY proto tcp 211.43.206.106:44878 209.83.100.117:22 L=60 S=0x00 I=47473 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44859 209.83.100.98:22 L=60 S=0x00 I=35472 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44863 209.83.100.102:22 L=60 S=0x00 I=45671 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44864 209.83.100.103:22 L=60 S=0x00 I=47661 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44865 209.83.100.104:22 L=60 S=0x00 I=44538 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44868 209.83.100.107:22 L=60 S=0x00 I=57034 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44869 209.83.100.108:22 L=60 S=0x00 I=28848 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44876 209.83.100.115:22 L=60 S=0x00 I=16624 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44877 209.83.100.116:22 L=60 S=0x00 I=57908 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44878 209.83.100.117:22 L=60 S=0x00 I=47474 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44881 209.83.100.120:22 L=60 S=0x00 I=33278 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44882 209.83.100.121:22 L=60 S=0x00 I=43485 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44885 209.83.100.124:22 L=60 S=0x00 I=46729 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44886 209.83.100.125:22 L=60 S=0x00 I=16832 F=0x4000 T=46 SYN
> Jul 7 09:58:03 DENY proto tcp 211.43.206.106:44887 209.83.100.126:22 L=60 S=0x00 I=17676 F=0x4000 T=46 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.10 LEN=60 TTL=45 ID=26388 DF SPT=46489 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.11 LEN=60 TTL=45 ID=37469 DF SPT=46490 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.12 LEN=60 TTL=45 ID=28728 DF SPT=46491 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.13 LEN=60 TTL=45 ID=33382 DF SPT=46492 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.14 LEN=60 TTL=45 ID=1445 DF SPT=46493 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.15 LEN=60 TTL=45 ID=9724 DF SPT=46494 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.16 LEN=60 TTL=45 ID=48357 DF SPT=46495 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.17 LEN=60 TTL=45 ID=45428 DF SPT=46496 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.18 LEN=60 TTL=45 ID=8300 DF SPT=46497 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.19 LEN=60 TTL=45 ID=63268 DF SPT=46498 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.2 LEN=60 TTL=45 ID=57830 DF SPT=46481 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.20 LEN=60 TTL=45 ID=28631 DF SPT=46499 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.21 LEN=60 TTL=45 ID=3622 DF SPT=46500 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.22 LEN=60 TTL=45 ID=22283 DF SPT=46501 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.23 LEN=60 TTL=45 ID=10673 DF SPT=46502 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.24 LEN=60 TTL=45 ID=65213 DF SPT=46503 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.25 LEN=60 TTL=45 ID=6046 DF SPT=46504 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.26 LEN=60 TTL=45 ID=9237 DF SPT=46505 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.27 LEN=60 TTL=45 ID=41352 DF SPT=46506 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.28 LEN=60 TTL=45 ID=45656 DF SPT=46507 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.29 LEN=60 TTL=45 ID=8544 DF SPT=46508 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.3 LEN=60 TTL=45 ID=60823 DF SPT=46482 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.30 LEN=60 TTL=45 ID=36317 DF SPT=46509 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.31 LEN=60 TTL=45 ID=8335 DF SPT=46510 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.32 LEN=60 TTL=45 ID=24120 DF SPT=46511 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.33 LEN=60 TTL=45 ID=24795 DF SPT=46512 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.34 LEN=60 TTL=45 ID=50080 DF SPT=46513 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.35 LEN=60 TTL=45 ID=19511 DF SPT=46514 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.36 LEN=60 TTL=45 ID=18447 DF SPT=46515 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.37 LEN=60 TTL=45 ID=37665 DF SPT=46516 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.38 LEN=60 TTL=45 ID=54892 DF SPT=46517 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.39 LEN=60 TTL=45 ID=18004 DF SPT=46518 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.4 LEN=60 TTL=45 ID=37515 DF SPT=46483 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.40 LEN=60 TTL=45 ID=53819 DF SPT=46519 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.41 LEN=60 TTL=45 ID=38046 DF SPT=46520 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.42 LEN=60 TTL=45 ID=21608 DF SPT=46521 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.43 LEN=60 TTL=45 ID=37571 DF SPT=46522 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.44 LEN=60 TTL=45 ID=35438 DF SPT=46523 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.45 LEN=60 TTL=45 ID=62853 DF SPT=46524 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.5 LEN=60 TTL=45 ID=10545 DF SPT=46484 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.50 LEN=60 TTL=45 ID=10534 DF SPT=46529 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.51 LEN=60 TTL=45 ID=46932 DF SPT=46530 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.54 LEN=60 TTL=45 ID=60620 DF SPT=46533 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.55 LEN=60 TTL=45 ID=20142 DF SPT=46534 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.6 LEN=60 TTL=45 ID=10743 DF SPT=46485 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.60 LEN=60 TTL=46 ID=48673 DF SPT=46539 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.61 LEN=60 TTL=45 ID=30393 DF SPT=46540 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.62 LEN=60 TTL=46 ID=53544 DF SPT=46541 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.7 LEN=60 TTL=45 ID=33963 DF SPT=46486 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.8 LEN=60 TTL=45 ID=38526 DF SPT=46487 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:07 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.9 LEN=60 TTL=45 ID=57602 DF SPT=46488 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.46 LEN=60 TTL=45 ID=25403 DF SPT=46525 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.47 LEN=60 TTL=45 ID=59233 DF SPT=46526 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.48 LEN=60 TTL=45 ID=11534 DF SPT=46527 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.49 LEN=60 TTL=45 ID=10568 DF SPT=46528 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.56 LEN=60 TTL=45 ID=25694 DF SPT=46535 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.57 LEN=60 TTL=45 ID=41929 DF SPT=46536 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.58 LEN=60 TTL=45 ID=39882 DF SPT=46537 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.59 LEN=60 TTL=45 ID=63684 DF SPT=46538 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:09 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.78 LEN=60 TTL=46 ID=34748 DF SPT=46557 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.10 LEN=60 TTL=45 ID=26389 DF SPT=46489 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.11 LEN=60 TTL=45 ID=37470 DF SPT=46490 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.12 LEN=60 TTL=45 ID=28729 DF SPT=46491 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.13 LEN=60 TTL=45 ID=33383 DF SPT=46492 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.14 LEN=60 TTL=45 ID=1446 DF SPT=46493 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.15 LEN=60 TTL=45 ID=9725 DF SPT=46494 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.16 LEN=60 TTL=45 ID=48358 DF SPT=46495 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.17 LEN=60 TTL=45 ID=45429 DF SPT=46496 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.18 LEN=60 TTL=45 ID=8301 DF SPT=46497 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.19 LEN=60 TTL=45 ID=63269 DF SPT=46498 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.2 LEN=60 TTL=45 ID=57831 DF SPT=46481 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.20 LEN=60 TTL=45 ID=28632 DF SPT=46499 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.21 LEN=60 TTL=45 ID=3623 DF SPT=46500 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.22 LEN=60 TTL=45 ID=22284 DF SPT=46501 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.23 LEN=60 TTL=45 ID=10674 DF SPT=46502 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.24 LEN=60 TTL=45 ID=65214 DF SPT=46503 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.25 LEN=60 TTL=45 ID=6047 DF SPT=46504 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.26 LEN=60 TTL=45 ID=9238 DF SPT=46505 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.27 LEN=60 TTL=45 ID=41353 DF SPT=46506 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.28 LEN=60 TTL=45 ID=45657 DF SPT=46507 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.29 LEN=60 TTL=45 ID=8545 DF SPT=46508 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.3 LEN=60 TTL=45 ID=60824 DF SPT=46482 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.30 LEN=60 TTL=45 ID=36318 DF SPT=46509 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.31 LEN=60 TTL=45 ID=8336 DF SPT=46510 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.32 LEN=60 TTL=45 ID=24121 DF SPT=46511 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.33 LEN=60 TTL=45 ID=24796 DF SPT=46512 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.34 LEN=60 TTL=45 ID=50081 DF SPT=46513 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.35 LEN=60 TTL=45 ID=19512 DF SPT=46514 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.36 LEN=60 TTL=45 ID=18448 DF SPT=46515 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.37 LEN=60 TTL=45 ID=37666 DF SPT=46516 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.38 LEN=60 TTL=45 ID=54893 DF SPT=46517 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.39 LEN=60 TTL=45 ID=18005 DF SPT=46518 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.4 LEN=60 TTL=45 ID=37516 DF SPT=46483 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.40 LEN=60 TTL=45 ID=53820 DF SPT=46519 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.41 LEN=60 TTL=45 ID=38047 DF SPT=46520 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.42 LEN=60 TTL=45 ID=21609 DF SPT=46521 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.43 LEN=60 TTL=45 ID=37572 DF SPT=46522 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.44 LEN=60 TTL=45 ID=35439 DF SPT=46523 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.45 LEN=60 TTL=45 ID=62854 DF SPT=46524 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.46 LEN=60 TTL=45 ID=25404 DF SPT=46525 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.5 LEN=60 TTL=45 ID=10546 DF SPT=46484 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.50 LEN=60 TTL=45 ID=10535 DF SPT=46529 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.51 LEN=60 TTL=45 ID=46933 DF SPT=46530 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.54 LEN=60 TTL=45 ID=60621 DF SPT=46533 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.55 LEN=60 TTL=45 ID=20143 DF SPT=46534 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.58 LEN=60 TTL=45 ID=39883 DF SPT=46537 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.6 LEN=60 TTL=45 ID=10744 DF SPT=46485 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.60 LEN=60 TTL=46 ID=48674 DF SPT=46539 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.61 LEN=60 TTL=45 ID=30394 DF SPT=46540 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.62 LEN=60 TTL=46 ID=53545 DF SPT=46541 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.7 LEN=60 TTL=45 ID=33964 DF SPT=46486 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.8 LEN=60 TTL=45 ID=38527 DF SPT=46487 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:10 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.9 LEN=60 TTL=45 ID=57603 DF SPT=46488 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:11 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.47 LEN=60 TTL=45 ID=59234 DF SPT=46526 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:11 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.48 LEN=60 TTL=45 ID=11535 DF SPT=46527 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:11 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.49 LEN=60 TTL=45 ID=10569 DF SPT=46528 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:11 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.56 LEN=60 TTL=45 ID=25695 DF SPT=46535 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:11 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.57 LEN=60 TTL=45 ID=41930 DF SPT=46536 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:11 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.59 LEN=60 TTL=45 ID=63685 DF SPT=46538 DPT=22 WINDOW=5840 SYN
> Jul 7 09:58:12 DENY proto tcp SRC=211.43.206.106 DST=209.83.103.78 LEN=60 TTL=46 ID=34749 DF SPT=46557 DPT=22 WINDOW=5840 SYN
> Jul 7 09:59:05 DENY proto tcp SRC=211.43.206.106 DST=209.83.112.82 LEN=60 TTL=46 ID=65261 DF SPT=55746 DPT=22 WINDOW=5840 SYN
> Jul 7 09:59:08 DENY proto tcp SRC=211.43.206.106 DST=209.83.112.82 LEN=60 TTL=46 ID=65262 DF SPT=55746 DPT=22 WINDOW=5840 SYN
> Jul 7 09:59:14 DENY proto tcp SRC=211.43.206.106 DST=209.83.112.82 LEN=60 TTL=46 ID=65263 DF SPT=55746 DPT=22 WINDOW=5840 SYN
>
>
관련자료
-
이전
-
다음
