Now, let’s talk about my home server.
Since I rarely travel abroad, I configured it to only accept access from Japan.
In other words, SSH won’t allow connections unless the connecting party has a .jp domain. I made this setting because I feel relatively secure with Japanese providers’ responses and legal frameworks.
However, yesterday, some scoundrel brazenly launched a password attack from a .jp domain.
Jul 5 07:44:39 keikun sshd[27205]: Illegal user test from 221.112.189.94
Jul 5 07:44:40 keikun sshd[27207]: Illegal user guest from 221.112.189.94
Jul 5 07:44:40 keikun sshd[27209]: Illegal user admin from 221.112.189.94
Jul 5 07:44:40 keikun sshd[27211]: Illegal user admin from 221.112.189.94
Jul 5 07:44:41 keikun sshd[27213]: Illegal user user from 221.112.189.94
Jul 5 07:44:41 keikun sshd[27215]: User root not allowed because not listed in AllowUsers
Jul 5 07:44:42 keikun sshd[27217]: User root not allowed because not listed in AllowUsers
Jul 5 07:44:42 keikun sshd[27219]: User root not allowed because not listed in AllowUsers
Jul 5 07:44:42 keikun sshd[27221]: Illegal user test from 221.112.189.94
When I looked up who this IP address, 221.112.189.94, belongs to, I found out:
[root @plugins\keikun-forms\keikun-forms.php log]# nslookup 221.112.189.94
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig’ or `host’ programs instead. Run nslookup with
the `-sil[ent]’ option to prevent this message from appearing.
Server: 192.168.xx.xx
Address: 192.168.xx.xx#53
Non-authoritative answer:
94.189.112.221.in-addr.arpa name = usen-221x112x189x94.ap-US01.usen.ad.jp.
Authoritative answers can be found from:
Hmm, usen.ad.jp, I see. I’ll dig a bit deeper to find out who manages this.
http://whois.ansi.co.jp/?key=usen.ad.jp
[ JPRS database provides information on network administration. Its use is ]
[ restricted to network administration purposes. For further information, ]
[ use ‘whois -h whois.jprs.jp help’. To suppress Japanese output, add’/e’ ]
[ at the end of command, e.g. ‘whois -h whois.jprs.jp xxx/e’. ]
Domain Information: [Domain Information]
a. [Domain Name] USEN.AD.JP
e. [Organization Name (Kana)] かぶしきかいしゃゆーずこみゅにけーしょんず
f. [Organization Name] 株式会社ユーズコミュニケーションズ
g. [Organization] U’s communications Corp.
k. [Organization Type] JPNIC会員ネットワーク
l. [Organization Type] JPNIC Member’s Network
m. [Registration Contact] MH3499JP
n. [Technical Contact] AT047JP
p. [Name Server] ns01.usen.ad.jp
p. [Name Server] ns02.usen.ad.jp
p. [Name Server] ns03.usen.ad.jp
[Status] Connected (2005/12/31)
[Registration Date] 2000/12/15
[Connection Date] 2001/02/14
[Last Update] 2005/01/01 01:12:27 (JST)[ JPNIC database provides information regarding IP address and ASN. Its use ]
[ is restricted to network administration purposes. For further information, ]
[ use ‘whois -h whois.nic.ad.jp help’. To only display English output, ]
[ add ‘/e’ at the end of command, e.g. ‘whois -h whois.nic.ad.jp xxx/e’. ]Contact Information: [Contact Information]
a. [JPNIC Handle] MH3499JP
b. [Name] 松鷹 均
c. [Last, First] Hitoshi, Matsutaka
d. [Email] abuse @usen.ad.jp
f. [Organization Name] 株式会社ユーズコミュニケーションズ
g. [Organization] U’s Communications Corp.
k. [Department] 通信技術部
l. [Division] Communication Techonology Division
m. [Title] 退職者
n. [Title] retired
o. [Phone Number] 03-5489-0276
p. [FAX Number] 03-5489-2156
y. [Notification Address] tuka @tk.usen.co.jp
y. [Notification Address] JPNIC @usen.ad.jp
[Last Update] 2002/05/14 11:37:22 (JST)
tuka @tk.usen.co.jp[ JPNIC database provides information regarding IP address and ASN. Its use ]
[ is restricted to network administration purposes. For further information, ]
[ use ‘whois -h whois.nic.ad.jp help’. To only display English output, ]
[ add ‘/e’ at the end of command, e.g. ‘whois -h whois.nic.ad.jp xxx/e’. ]Contact Information: [Contact Information]
a. [JPNIC Handle] AT047JP
b. [Name] 塚本 彰
c. [Last, First] Tsukamoto, Akira (for ABUSE)
d. [Email] abuse @usen.ad.jp
f. [Organization Name] 株式会社ユーズコミュニケーションズ
g. [Organization] U’s Communications Corp.
k. [Department] 通信技術部
l. [Division] Communication Techonology Division
m. [Title] 課長
n. [Title] Manager
o. [Phone Number] 03-5489-
p. [FAX Number] 03-5489-
y. [Notification Address] JPNIC @usen.ad.jp
[Last Update] 2003/03/05 14:18:11 (JST)
JPNIC @usen.ad.jp————————R