I observed requests like these:
45.146.166.156 - - [14/Oct/2021:11:42:23 +0200] "\x03" 400 0 "-" "-"
89.248.165.23 - - [13/Oct/2021:05:43:09 +0200] "\x03" 400 0 "-" "-"
45.141.87.54 - - [13/Oct/2021:18:52:16 +0200] "\x03" 400 0 "-" "-"
When in doubt, I block the IPs:
# iptables -A INPUT -s 45.146.166.156 -j DROP
# iptables -A INPUT -s 89.248.165.23 -j DROP
# iptables -A INPUT -s 45.141.87.54 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4
To be continued.
Note that when it's the Russian Federation, it's not for my benefit … Sigh:
| IP Address | Country | Region | City |
| --- | --- | --- | --- |
| 45.141.87.54 | Russian Federation | Sankt-Peterburg | Saint Petersburg |
| 45.146.166.156 | Russian Federation | Moskva | Moscow |
Update: I think there are several requests:
# grep '\x03' /var/log/apache2/access.* | sed 's/:/ /g' | awk '{print $2 " " $10}' | sort -n | uniq -c
1 45.141.87.54 "\x03"
1 45.146.166.156 "\x03"
1 89.248.165.23 "\x03"
4 121.46.25.189 "\x16\x03\x01"
1 183.136.225.42 "\x16\x03\x01\x02"
3 185.193.88.50 "\x03"
2 200.37.200.185 "\x16\x03\x01"
For the IPs:
| IP Address | Country | Region | City | ISP | Organization | Latitude | Longitude |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 200.37.200.185 | Peru | Cusco | Cusco | Zotac Tacna | Not Available | -13.5183 | -71.9781 |
| 183.136.225.42 | China | Zhejiang | Jiaxing | ChinaNet Zhejiang Province Network | Not Available | 30.7522 | 120.7500 |
| 121.46.25.189 | China | Guangdong | Guangzhou | Guangdong Aofei Data Technology Co. Ltd. | Not Available | 23.1167 | 113.2500 |
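As an added example (not part of the original post), the script below does the same per-client count as the grep pipeline in the update and labels the two patterns seen there: `\x16\x03\x01` is the start of a TLS handshake record sent to a plain-HTTP port, and a lone `\x03` is treated, as an assumption, as the version byte of a TPKT header such as RDP clients send. The function names, labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lines are constructed
# (documentation IP ranges); the labels are names chosen for this example.

sample_log() {
cat <<'EOF'
192.0.2.10 - - [14/Oct/2021:11:42:23 +0200] "\x03" 400 0 "-" "-"
192.0.2.10 - - [14/Oct/2021:11:50:01 +0200] "\x03" 400 0 "-" "-"
198.51.100.7 - - [13/Oct/2021:05:43:09 +0200] "\x16\x03\x01" 400 0 "-" "-"
203.0.113.5 - - [13/Oct/2021:18:52:16 +0200] "\x16\x03\x01\x02" 400 0 "-" "-"
203.0.113.9 - - [13/Oct/2021:19:00:00 +0200] "GET / HTTP/1.1" 200 512 "-" "-"
EOF
}

# Reads Apache combined-format lines on stdin and prints
# "count ip request label" for requests that begin with an escaped byte.
classify_probes() {
    awk -F'"' '
    {
        req = $2                               # request line: text inside the first quotes
        if (substr(req, 1, 2) != "\\x") next   # ordinary HTTP request, skip it
        split($1, head, " ")                   # head[1] is the client address
        seen[head[1] " " req]++
    }
    END {
        for (key in seen) {
            req = substr(key, index(key, " ") + 1)
            if (index(req, "\\x16\\x03") == 1)
                label = "tls-on-plain-http"    # TLS record: type 0x16 (handshake), version 0x03xx
            else if (index(req, "\\x03") == 1)
                label = "tpkt-rdp-like"        # assumption: TPKT version byte 0x03, as RDP sends
            else
                label = "other-binary"
            printf "%d %s %s\n", seen[key], key, label
        }
    }' | LC_ALL=C sort -k4,4 -k2,2
}

# Stand-alone run on the constructed sample.
sample_log | classify_probes
```

On a server, the same function can be fed the real log, for example `cat /var/log/apache2/access.log | classify_probes`.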