Security
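Suspicious network activity: sshd processes showing up in lsof
I have a Raspberry Pi running Debian Jessie. I installed pi-hole to block ad-serving domains ( https://pi-hole.net ). Through the logs, I noticed a lot of queries from Chinese domains.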
lsof -i
showed me the following list, which I consider suspicious:

    sshd 1742 root 3u IPv4 16960 0t0 TCP raspberrypi:ssh->116.31.116.47:50600 (ESTABLISHED)
    sshd 1743 sshd 3u IPv4 16960 0t0 TCP raspberrypi:ssh->116.31.116.47:50600 (ESTABLISHED)
    sshd 1774 root 3u IPv4 16990 0t0 TCP raspberrypi:ssh->183.214.141.105:56265 (ESTABLISHED)
    sshd 1775 sshd 3u IPv4 16990 0t0 TCP raspberrypi:ssh->183.214.141.105:56265 (ESTABLISHED)
    sshd 1869 root 3u IPv4 17068 0t0 TCP raspberrypi:ssh->116.31.116.47:33525 (ESTABLISHED)
    sshd 1870 sshd 3u IPv4 17068 0t0 TCP raspberrypi:ssh->116.31.116.47:33525 (ESTABLISHED)
    sshd 1910 root 3u IPv4 17122 0t0 TCP raspberrypi:ssh->116.31.116.47:35816 (ESTABLISHED)
    sshd 1911 sshd 3u IPv4 17122 0t0 TCP raspberrypi:ssh->116.31.116.47:35816 (ESTABLISHED)
    sshd 1931 root 3u IPv4 17158 0t0 TCP raspberrypi:ssh->116.31.116.47:49492 (ESTABLISHED)
    sshd 1932 sshd 3u IPv4 17158 0t0 TCP raspberrypi:ssh->116.31.116.47:49492 (ESTABLISHED)
    sshd 1935 root 3u IPv4 17163 0t0 TCP raspberrypi:ssh->183.214.141.105:23828 (ESTABLISHED)
    sshd 1936 sshd 3u IPv4 17163 0t0 TCP raspberrypi:ssh->183.214.141.105:23828 (ESTABLISHED)
    sshd 1937 root 3u IPv4 17168 0t0 TCP raspberrypi:ssh->116.31.116.47:53628 (ESTABLISHED)
    sshd 1938 sshd 3u IPv4 17168 0t0 TCP raspberrypi:ssh->116.31.116.47:53628 (ESTABLISHED)
    sshd 1940 root 3u IPv4 17176 0t0 TCP raspberrypi:ssh->116.31.116.47:57858 (ESTABLISHED)
    sshd 1941 sshd 3u IPv4 17176 0t0 TCP raspberrypi:ssh->116.31.116.47:57858 (ESTABLISHED)
    sshd 1944 root 3u IPv4 17194 0t0 TCP raspberrypi:ssh->183.214.141.105:28355 (ESTABLISHED)
    sshd 1945 sshd 3u IPv4 17194 0t0 TCP raspberrypi:ssh->183.214.141.105:28355 (ESTABLISHED)

I have already changed my password, rebooted my Pi and checked for any unknown users (there are none). How do I proceed to make my Pi secure again?
There may or may not be a security breach.
This could just be some idiot trying to brute-force the password. If they connect, try a password, fail, and then neither try another one nor close the connection, you can see these connections, which will eventually be closed by sshd.
/var/log/auth.log
should have some information about the login attempts. The
last
command may show you successful logins.
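
One way to carry out the auth.log check suggested in the answer, as an added example that is not part of the original question or answer. The function names and the sample log lines are constructed for illustration, and the field positions assume Debian's traditional syslog line format.

```shell
#!/bin/sh
# Constructed sample in Debian's traditional syslog format (not from the post).
# 198.51.100.7 and 192.0.2.10 are documentation addresses.
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:12:01 raspberrypi sshd[1742]: Failed password for root from 116.31.116.47 port 50600 ssh2
Jan 10 03:12:04 raspberrypi sshd[1869]: Failed password for root from 116.31.116.47 port 33525 ssh2
Jan 10 03:12:07 raspberrypi sshd[1774]: Failed password for invalid user admin from 183.214.141.105 port 56265 ssh2
Jan 10 03:12:09 raspberrypi sshd[1910]: Failed password for invalid user from from 116.31.116.47 port 35816 ssh2
Jan 10 07:59:41 raspberrypi sshd[2050]: Failed password for pi from 198.51.100.7 port 40112 ssh2
Jan 10 07:59:48 raspberrypi sshd[2050]: Accepted password for pi from 198.51.100.7 port 40112 ssh2
Jan 10 08:30:00 raspberrypi sshd[2101]: Accepted publickey for pi from 192.0.2.10 port 50222 ssh2
EOF
}

# ssh_events: auth.log on stdin -> "<Failed|Accepted> <ip> <method>" per result.
ssh_events() {
    awk '/sshd\[[0-9]+\]: (Failed|Accepted) / {
        # The client chooses the username, so it may contain spaces or the
        # word "from"; find the address by scanning back from the end for "port".
        for (i = NF; i > 7; i--)
            if ($i == "port") { print $6, $(i - 1), $7; break }
    }'
}

# failed_by_ip: "<count> <ip>", noisiest source first (brute-force candidates).
failed_by_ip() {
    ssh_events | awk '$1 == "Failed" { n[$2]++ }
                      END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# accepted_logins: "<ip> <method>" for every successful authentication.
accepted_logins() { ssh_events | awk '$1 == "Accepted" { print $2, $3 }'; }

# accepted_after_failures: "<ip> <earlier failures>" for sources that failed
# and then got in; these are the sessions to review first.
accepted_after_failures() {
    ssh_events | awk '$1 == "Failed" { n[$2]++ }
                      $1 == "Accepted" && n[$2] { print $2, n[$2] }'
}

sample_auth_log | failed_by_ip
```

On the Pi itself, feed the real log instead, for example `failed_by_ip < /var/log/auth.log`; reading that file normally requires root or membership in the adm group.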