From owner-FreeBSD-users-jp@jp.FreeBSD.org Wed Jul  9 22:06:42 2008
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id m69D6gr89539;
	Wed, 9 Jul 2008 22:06:42 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ld0.pv.ryuhoku.jp (nrg.ryuhoku.jp [218.44.161.150])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id m69D6gU89533
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Wed, 9 Jul 2008 22:06:42 +0900 (JST)
	(envelope-from kouya@ryuhoku.jp)
Received: from g6333 (g6333.pv.ryuhoku.jp [192.168.200.205])
	by ld0.pv.ryuhoku.jp (8.14.2/8.13.8) with SMTP id m69D6a5X010870
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Wed, 9 Jul 2008 22:06:36 +0900 (JST)
	(envelope-from kouya@ryuhoku.jp)
Message-ID: <E988AA560E954AAA848E1F103092F814@pv.ryuhoku.jp>
From: "kouya" <kouya@ryuhoku.jp>
To: <FreeBSD-users-jp@jp.FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-2022-jp";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93 on ld0.pv.ryuhoku.jp
X-Virus-Status: Clean
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 9 Jul 2008 22:06:36 +0900
X-Sequence: FreeBSD-users-jp 91728
Subject: [FreeBSD-users-jp 91728] I want to send nmap to visitors to ssh
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: kouya@ryuhoku.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+060209

Below is an example of a scan being run against my domain.
This is from the security log of the router on the outside of this domain; sources outside the IPs allowed to use ssh are passed through dummynet.

ipfw: 5500 Pipe 7 TCP 64.238.112.202:56744 218.44.161.145:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56747 218.44.161.148:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56748 218.44.161.149:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56746 218.44.161.147:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56749 218.44.161.150:22 in via tun0

ipfw: 5600 Pipe 8 TCP 64.238.112.202:56744 218.44.161.145:22 out via rl0
ipfw: 5600 Pipe 8 TCP 64.238.112.202:56747 218.44.161.148:22 out via rl0
ipfw: 5600 Pipe 8 TCP 64.238.112.202:56748 218.44.161.149:22 out via rl0
ipfw: 5600 Pipe 8 TCP 64.238.112.202:56746 218.44.161.147:22 out via rl0
ipfw: 5600 Pipe 8 TCP 64.238.112.202:56749 218.44.161.150:22 out via rl0

pipe 7,8 $B$O%P%s%II}$r(B10Bit/sec $B$K$7$?(B dumynet $B$KDL$7$F$$$k0Y!"(B
$B:!=h$rDL2a$7L\E*$N(B ssh $B$,=PMh$k5!3#$KC#$9$k$^$G(B5$BJ,0L3]$+$k$N$G$9$,!"(B
$BD|$a$:D)@o$r;E3]$1$FMh$kJ}$,$$$^$9!#(B
ssh $B$,=PMh$k5!3#$O(B login $B40N;Kx$NM1M=;~4V$r(B 20sec $B$K%;%C%H$7$F$$$^$9!#(B

$B$G:!=h$G!"D)H/E*9T0Y$G$9$,(B pipe 7 $B$KF~$j(B 218.44.161.150:22 $B$KD)@o$5$l$?J}(B
$B$K(B nmap $B$NB#$jJ*$,=PMh$J$$$+9M$($F$$$^$9!#(B

tail -F /var/log/security | awk /Pipe 7/ && /218.44.161.150:22/ | if 
64.238.112.202:56749 then nmap -v -O 64.238.112.202

I wrote that roughly, but this is what I want to do:

tail $B$G(B security log $B$r4F;k(B
$B7k2L$,(B Pipe 7 $B$G(B 218.44.161.150:22 $B$r8!=P$7$?$i(B
$B%=!<%9$,(B 64.238.112.202:56749 $B$G@8B8$7$F$$$?$i(B nmap $B$r(B 64.238.112.202 $B$KFO$1$k(B 


Would something like this be possible?

$B7'K\8)H,Be74I9@nD.5HK\(B103-1
$B1:8}9LLi(B

kouya@ryuhoku.jp
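
The ipfw log format quoted in the message above, parsed for detection. This is an added example, not part of the original post: it groups inbound Pipe 7 entries by source and reports sources that reached port 22 on several destination addresses. The function names, the `min_targets` threshold and the two constructed sample lines are assumptions.

```python
import re
from collections import defaultdict

# ipfw log line layout as shown in the post:
#   ipfw: <rule> Pipe <n> TCP <src>:<sport> <dst>:<dport> in|out via <iface>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Pipe (?P<pipe>\d+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_line(line):
    """Return the fields of an ipfw pipe log line, or None if it does not match."""
    m = LINE_RE.search(line)  # search() tolerates a syslog timestamp prefix
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "pipe", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def ssh_sweep_sources(lines, pipe=7, dport=22, min_targets=3):
    """Map each source IP to the destinations it hit on the given pipe and port,
    keeping sources with at least min_targets distinct hosts (assumed threshold)."""
    targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["pipe"] == pipe and rec["dport"] == dport and rec["dir"] == "in":
            targets[rec["src"]].add(rec["dst"])
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

# Sample input: five "in" lines and one "out" line copied from the post, plus two
# constructed lines (the 203.0.113.9 entry and the non-matching line).
SAMPLE = """\
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56744 218.44.161.145:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56747 218.44.161.148:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56748 218.44.161.149:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56746 218.44.161.147:22 in via tun0
ipfw: 5500 Pipe 7 TCP 64.238.112.202:56749 218.44.161.150:22 in via tun0
ipfw: 5600 Pipe 8 TCP 64.238.112.202:56744 218.44.161.145:22 out via rl0
ipfw: 5500 Pipe 7 TCP 203.0.113.9:40000 218.44.161.150:22 in via tun0
ipfw: limit 100 reached on entry 5500
"""

if __name__ == "__main__":
    for src, dsts in ssh_sweep_sources(SAMPLE.splitlines()).items():
        print(f"{src} reached port 22 on {len(dsts)} hosts: {', '.join(dsts)}")
```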
 


