今月のアクセス数上位ポート
T-potがDebian13に対応したということで、今月からベースをDebian13に更新しました。そのためか、DDoSの観測がなくなりました。DDoSがなくなったのではなく、観測しなくなったのでしょう。先月のDDoSが700万件でアクセス総数が1100万件だったので、アクセス数がそれほど減っているわけではないようです。なので、今後はDDoS以外のもので見ていくことになるでしょうか・・・
今月は300万件でした。
アクセス数上位ポート ①5060(SIP) ②445(SMB) ③5902(VNC) ④22(SSH) ⑤5900(VNC)
今週は5900番台(5902,5903)が多数を占めています。VNC関係のポートにアクセスしているものと考えられます。
今月のアクセス数上位国
アクセス数上位国 ①アメリカ(5902) ②ルーマニア(5060) ③ウクライナ(5900) ④ドイツ(25) ⑤オランダ(22)
先月のアメリカは5060番ポートへのアクセスが多かったですが、それはルーマニアに譲りました。その分5900番台へのVNCへのアクセスと思われるアクセスがダントツです。
今月の攻撃IDパスワード
| ユーザ名(top500) | 試行数 | パスワード(top500) | 試行数 |
| root admin user ubuntu sa test oracle postgres dock git server guest mysql backup hadoop debian elasticsearch ftpuser pi sol centos dell www dspace dev nagios docker es elastic developer 123 ftp lenovo wang nginx solana administrator Admin loginuser ftptest nobody odoo user1 (空白) daemon zabbix mssql Administrator weblogic qemu smart tomcat ubnt student api web deploy solv test1 www-data ec2-user jenkins apache newuser demo appuser master support operator webmaster admin1 kafka anonymous app_user testuser deployer uftp redis alex svn mssqla gerrit test2 zookeeper mssqlserver db validator ftpadmin app service wordpress tom minecraft system another blog site cacti huawei users just steam bot ms test3 mongodb tempuser vhserver odoo17 node nexus GET / HTTP/1.1 sysadmin user2 ali dbadmin username dolphinscheduler vagrant oscar a mr data sonar sql Accept: / dqi default dba redhat sh uucp Accept-Encoding: gzip User-Agent: Go-http-client/1.1 ansible dbuser test4 dmdba teamspeak mysqladmin sqladmin devops User-Agent: python-requests/2.27.1 minima user3 seki 1234 eth jito bob gitlab rahul fedora gpadmin linux ts fa rosa gitlab-runner jira orangepi user123 amir ts3 wwwroot mps plex mpc david odoo18 AdminGPON hive 0 esuser frappe ranger ethereum rancher asterisk mrodriguez mrojas odoo16 vodafone bigdata bin erp mperez nvidia runner search tech User-Agent:(略) Chrome/126.0.0.0 media samba basit root1 squid webtest factorio grid kipt niaoyun kingbase lighthouse msanchez lp palworld rocky wso2 zlm cloud richard lsfadmin vncuser vyos mpcabarcas tools flink instrument z cms esearch opc proxy ps trader mpconfig mrp super sync sys github iplms lucky splunk azureuser bdp cbm cloudera create dgxadmin dummy3 exploit fred img ituser joel langchain mpw mq mss nextcloud rimuru user_czn chaima config delhi godfrey installer mroman mspl nil roamware ADMIN cozmo deploy_jenkins dtplat fac joaquin kuro matei mspirchina omm onkar padhm person sit tangxy thin umra xwld yealink zzc User aa list mpconnect root2 share solr veysel vps wacos wrpinto zhyfj114514 amax g mssbranch sshd 345gs5662d34 anna cc emqx firedancer games gitlab-prometheus gitlab-psql gnats init irc man neo4j news registry rstudio-server secadmin suporte systemd titu 123456 aaa admin123 mpdbmaster msg yarn jack lab ly monitor mpereyra postgresql abc ai hduser msp nikita proxyuser qaz trading vnc adminuser bitrix emo msilva publicuser 1 amp btf gmod issabel it leo localadmin mina mpetek mpettit mss_user_new osboxes polkitd sangoma testuser1 user5 bb cloud-user dm mc packer pritchard rebecca spark ts3server aes-admin alisson almalinux amandabackup amrita angel argebarikat arpwatch astra_user audadmin brute cheeki chetana cloudendure cowrie cp_extensions cp_postgres cyberpanel devadmin devmon docubeapp-usr dogeman downloader dton ec2 ecs-user emps engineer fastmail fastuser fatshibainu fivem gke-a02662ac27ad32de2130 hdfs hennadii hysteria ies igal_dahan igaldahan iliagermansela jfletcher jiffyapp-usr jiffyexp-usr joakima john jyvtc keycloak kubernetes kx labuser leonjalfon1 library-koha linuxuser lscpd lvuser main mitmproxyuser mpetro netadmin netdata noama nova nxautomation o3-root odoo14 omsagent oneadmin op_user openvpn peer potok priyanka pufferpanel rajesh rtelekom searxng selvananthi shimi0392 spamfilter springboot srikanth ssm-user stptbdd sw systemx tbds telecomadmin trytan tty0 update user4 vmail vscode webdev webserv x2goprint user adMIN admiN cisco cq du hn mpinto rr ws wy ADMiN ADmIn aDMIN adMin admIn dz hc hj lc lh lw mqq mr01 nc aDMiN as claude cp ftpserver gl helpdesk | 43000 13590 10560 8580 7995 6314 5775 5563 3885 3629 2189 2096 1884 1797 1579 1023 1016 974 933 910 866 824 811 702 684 664 658 631 622 614 611 606 606 601 598 596 587 559 555 553 548 544 536 521 505 494 478 477 473 435 430 424 422 402 387 374 370 370 362 341 340 331 307 305 304 302 296 281 267 267 256 253 247 240 240 227 225 215 212 209 206 198 195 177 171 161 159 156 155 152 152 150 147 145 144 143 143 141 141 141 140 140 130 130 129 128 126 125 124 123 118 115 115 115 110 103 99 98 95 94 92 92 91 90 89 88 88 87 85 85 85 85 84 84 83 82 82 80 79 78 78 77 76 74 74 72 71 71 70 69 68 68 67 67 66 66 63 63 62 62 62 62 61 61 61 60 60 58 57 57 56 56 55 55 55 55 54 54 53 53 53 53 53 52 52 52 52 52 52 52 52 50 50 50 49 49 49 49 48 48 48 48 47 47 47 46 46 46 46 46 44 44 43 43 43 42 42 41 40 40 39 39 39 39 39 39 38 38 38 38 38 37 37 37 37 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 35 35 35 35 35 35 35 35 35 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 33 33 33 33 33 33 33 33 33 33 33 33 33 32 32 32 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 30 30 30 30 30 29 29 29 29 29 29 28 28 28 28 28 28 28 28 28 27 27 27 27 27 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 25 25 25 25 25 25 25 25 25 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 23 23 23 23 23 23 23 23 23 23 23 22 22 22 22 22 22 22 22 22 22 22 22 22 22 21 21 21 21 21 21 21 | 123456 password (空白) 123 admin 1234 Password123 12345678 12345 123456789 1 P@ssw0rd user 111111 qwerty ubuntu 123123 root admin@123 1q2w3e4r passw0rd 1234567 000000 password1 root123 admin123 abc123 Password test 123abc 654321 oracle p@ssw0rd postgres 1234567890 git backup@123 abcd1234 welcome root@123 server 123qwe test@123 Passw0rd user@123 letmein Password1 oracle@123 ubuntu@123 postgres@123 git@123 server@123 qwerty123 pass123 nobody wang123 loginuser123 1qaz2wsx roderick wasd 123321 user1 321 12 guest qemu 0 solana nagios api test123 54321 P@ssw0rd123 123qwerty 4321 PASSWORD default 1234qwer centos Host: (IPアドレス):23 toor q1w2e3r4 pass qwer1234 password123 ubnt ftp debian sol validator qwe123 mysql hadoop 1q2w3e qwertyui linux passwd 666666 pass1234 q1w2e3 DataLab changeme Aa123456 Admin@123 qwerty123456 student test321 admin1 testuser oracle123 21 123123123 administrator passpass nginx node 1qaz@WSX P@ssword 321123 raspberry solv 888888 root1 3t9z12Bt5015 dell ftpuser www test1 deploy postgres123 Admin123 valheim apache odoo17 alpine bot dragon qwertyuiop weblogic 1111 adminadmin dell@123 pa55w0rd p@ssword zabbix fuk19600 rootroot operator 123456qw 1qazxsw2 ubuntu123 Accept: / docker demo jenkins 123456a 987654321 !QAZ2wsx 555555 master mysql123 root1234 tomcat testpass elastic support odoo dqi ethereum system user123 Connection: close P@55w0rd jito elasticsearch 7777777 Accept-Encoding: gzip, deflate Foundation#1 redhat test2 123qweasd git123 service admin1234 iloveyou qwerty12 Connection: keep-alive ali pa55word a dev lenovo ftpuser123 11111111 backup teamspeak root123456 martin vagrant !@#$%^&* deployer guest123 dspace kafka 1234abcd Pa$$w0rd Xpon@Olt9417# orangepi r00t root12 seki123456 Huawei@123 88888888 Lovesick1974 P@ssword123 lenovo@123 uucp web Lenovo@123 a1234567 1qazXSW@ dell123 zookeeper !@#$%^ 123456b 123456c ALC#FGU ansible killallwogs123132 MPC123 aa123456 es minecraft tom Dell@123 alex developer n0=acc3ss rootpass !Q2w3e4r jira anonymous plex start eve ec2-user ftptest huawei supportAtlanta devops 1q2w3e4r5t 1qaz@wsx Ab123456 eth minima mynoob pi vodafone 00000000 nexus ——fuck—— 111 abc12345 p4ssw0rd 11111 Hu@wei Qq123456 aA123456 abcdefgh data fa huawei123 nginx123 ts Info1234 calvin deploy123 ranger uftp Root123 david hive odoo18 welcome1 !Q@W3e4r Bossman1 app bob firedancer fred null qq123456 redis 1Q2w3e4r 45367151 P root321 A123456a a123456A bigdata dolphinscheduler es123456 fuckyou gpadmin guest1 nvidia odoo16 runner secret amir appuser asterisk elasticsearch123 flink gitlab gitlab-runner media oscar !@ cms dev123456 dolphinscheduler123 joel odoo123 rootme sonar user2 159357 click1 dmdba erp esuser hadoop123 iplms mpconfig squid sshd www123 12341234 access admin01 asdfghjk basit chaima exploit factorio godfrey img ituser langchain oscar123 qazwsxed test1234 user3 11223344 Liberty#12 MSS asdf1234 bdp centos123 cloudera delhi dgxadmin esearch grid kingbase kipt lsfadmin nextcloud rocky steam test3 trader wang zaq12wsx 0-opklm, 123qwe123 1a2s3d4f MSPL Qwerty1 abcdefg cozmo deploy_jenkins dtplat joaquin kuro rancher 0l0ctyQh243O63uD 1989 9999 @ P4ssword admin12 daemon fac omm onkar123 p@55w0rd qaz123!@ qazwsx12 qazwsxedc1992 sa samba testing 0000 123.com 3245gs5662d34 345gs5662d34 P4ssw0rd config elastic123 ftptest123 mpconnect padhm palworld roamware temp tools vps 112233 abc123456 asteriskftp eigenlayer oracle1 p4ssword proxy steam123 tom123 wiccazcraft xwld123456 yealink 12345qwe OkwKcECs8qJP2Z anonymous@ sit123456 wso2 zhyfj114514 22222222 77777777 99999999 Abcd1234 Pa$w0rd Pa55w0rd jenkins123 qwert123 tangxy@123 thin123 umra@123 321start MSSQL Pa$word a123456 admin123456 ftpadmin mssqltips passwort vyos wacos 1qaz@WSX3edc 1z2x3c4v 3333 ICS Lovesick19741973 alex123 football integra okokok root12345 102030 10203040 121212 1qaz2wsx3edc admin#123 adminpass bin cacti dbadmin demo123 manager port=5433 qazxswedc 1111111 123654 5201314 55555555 Pa55word Warning15 deployer123 ftp123 hello installer root1234567 root12345678 root123456789 sa1ax terminal webtest —fuck_you—- 11 | 19745 5667 5235 4787 4125 4044 3909 3710 3617 2561 2513 2509 2328 2257 2008 1978 1958 1909 1746 1661 1540 1378 1343 1336 1329 1309 1287 1257 1238 1197 1140 1131 1085 1034 990 835 831 821 811 800 794 740 648 645 640 639 635 632 625 617 616 616 555 530 516 516 512 502 499 469 460 456 455 447 442 434 406 387 382 378 371 363 363 361 348 337 312 311 294 290 289 276 273 271 263 244 243 239 231 220 218 217 200 199 197 196 195 194 183 180 178 168 163 163 161 156 152 151 151 148 145 144 143 143 141 139 137 136 133 133 130 127 125 124 124 123 122 120 119 119 116 114 112 111 110 110 110 110 110 109 109 109 108 104 104 103 103 102 100 100 99 98 98 96 96 95 94 93 91 91 91 91 91 90 89 89 87 86 86 86 86 85 85 85 84 83 83 82 82 82 80 80 80 79 79 79 78 78 78 76 76 76 75 74 74 74 73 72 71 69 69 69 68 68 67 67 67 67 67 67 67 64 63 63 63 63 63 63 62 62 61 61 61 60 60 60 59 59 59 58 58 57 57 57 56 56 56 56 56 55 55 54 54 54 54 53 52 52 52 52 51 50 50 50 50 50 50 50 50 49 49 47 47 47 47 46 46 46 46 46 46 46 46 46 46 45 45 45 45 45 44 44 44 44 44 43 43 43 43 43 43 43 43 43 42 42 42 42 41 41 41 41 41 41 41 41 41 41 41 41 40 40 40 40 40 40 40 40 40 39 39 39 39 39 39 39 39 39 38 38 38 38 38 38 38 38 38 38 38 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 35 35 35 35 35 35 35 35 35 35 35 35 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 32 32 32 32 32 32 32 32 32 32 32 32 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 29 29 29 29 29 29 29 29 29 29 28 28 28 28 28 28 28 28 28 28 27 27 27 27 27 27 27 27 27 27 27 27 27 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 25 25 |
コメント