Top ports by access count this month

This month there were 5.61 million accesses.
Top ports by access count: ① 19 (chargen) ② 5060 (SIP) ③ 445 (SMB) ④ 22 (SSH) ⑤ 80 (HTTP)

Access to port 5060 this month came mostly from Romania, with the United States second and Germany third.

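The Honeytrap observations were as shown in the figure above, and there was a lot of access to port 5038 from the United States. Port 5038 is often used by Asterisk, so I wondered whether this traffic was arriving in conjunction with port 5060, but access to port 5060 and access to port 5038 do not seem to be particularly linked.
This week there was a lot of DDoS traffic to port 19, and access from Turkey stood out in particular.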
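One way to check the question raised above, whether access to port 5060 and access to port 5038 are linked, is to compare the source addresses seen on each port. This is an added example, not the author's code; the JSON field names (`timestamp`, `src_ip`, `dest_port`) and the sample events are constructed assumptions, not Honeytrap's actual log schema.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real observations; field names are assumptions.
SAMPLE_LOG = """\
{"timestamp": "2025-01-10T03:00:00", "src_ip": "192.0.2.10", "dest_port": 5060}
{"timestamp": "2025-01-10T03:10:00", "src_ip": "192.0.2.10", "dest_port": 5038}
{"timestamp": "2025-01-10T04:00:00", "src_ip": "192.0.2.11", "dest_port": 5060}
{"timestamp": "2025-01-10T04:05:00", "src_ip": "192.0.2.11", "dest_port": 22}
{"timestamp": "2025-01-10T05:00:00", "src_ip": "192.0.2.12", "dest_port": 5060}
{"timestamp": "2025-01-10T06:00:00", "src_ip": "198.51.100.20", "dest_port": 5038}
{"timestamp": "2025-01-10T07:00:00", "src_ip": "198.51.100.21", "dest_port": 5038}
{"timestamp": "2025-01-10T01:00:00", "src_ip": "203.0.113.5", "dest_port": 5060}
{"timestamp": "2025-01-10T20:00:00", "src_ip": "203.0.113.5", "dest_port": 5038}
truncated line, not JSON
"""


def load_events(text):
    """Parse JSON lines into (src_ip, dest_port, time) tuples; skip bad lines."""
    events = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            events.append((rec["src_ip"], int(rec["dest_port"]),
                           datetime.fromisoformat(rec["timestamp"])))
        except (ValueError, KeyError, TypeError):
            continue
    return events


def port_linkage(events, port_a, port_b, window_s=3600):
    """Compare the source sets of two ports and find sources hitting both close in time."""
    seen = {port_a: defaultdict(list), port_b: defaultdict(list)}
    for ip, port, ts in events:
        if port in seen:
            seen[port][ip].append(ts)
    a, b = set(seen[port_a]), set(seen[port_b])
    shared, union = a & b, a | b
    # A shared source counts as "paired" only if both ports were hit within window_s.
    paired = sorted(ip for ip in shared
                    if any(abs((ta - tb).total_seconds()) <= window_s
                           for ta in seen[port_a][ip] for tb in seen[port_b][ip]))
    return {"only_a": len(a - b), "only_b": len(b - a), "shared": len(shared),
            "paired": paired, "jaccard": len(shared) / len(union) if union else 0.0}


if __name__ == "__main__":
    print(port_linkage(load_events(SAMPLE_LOG), 5060, 5038))
```

A low Jaccard value with few paired sources indicates that the two ports are being probed by largely different sources.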


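As soon as Ddospot and Honeytrap are excluded, the number of attacks is halved. This shows how much of the total those two account for. Looking at the figure above, access to port 5060 has been prominent for about the past year now.

Top countries by access count this month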


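Top countries by access count: ① Turkey (19) ② Romania (5060) ③ United States (5060) ④ United Arab Emirates (19) ⑤ China (22)
The United Arab Emirates has entered the ranking. Since this is DDoS traffic to port 19, though, there is no telling where the actual attack is coming from...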

Attack IDs and passwords this month

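Among the password attempts there is a long one, "Ahgf3487@rtjhskl854hd47893@#a4nC", and I was surprised to find that it has apparently been observed elsewhere too. What kind of password is it?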