/ Facebook
• PyCon JP Association Board Member
– PyCon JP Staff 2014 -
– PyCon JP 2017-2019 Chair
– 2023- PyCon JP Association Vice-Chair
• KoedoLUG
– Japan Local Linux User Group (Monthly)
• Tokyo Debian study group / DebianJP
• Work: MIRACLE LINUX / Cybertrust Japan Co., Ltd.
Community Service Award. Python Software Foundation awarded the 2021 Q4 Community Service Award to the following members of the PyCon JP Association for their work in organizing local and regional PyCons, the work of monitoring our trademarks, and in particular organizing the "PyCon JP Charity Talks" raising more than $25,000 USD in funds for the PSF: Manabu Terada, Takanori Suzuki, Takayuki Shimizukawa, Shunsuke Yoshida, Jonas Obrist. https://pyfound.blogspot.com/2022/05/
• We are now accepting proposals for community poster sessions. Community poster sessions are intended for Python communities
• Form: QRCODE
• Or PyCon JP blog
• The sshd on the home-server raspi is exposed through the router's port forwarding for external access to the home network.
• However, since the beginning of 2022, connections to that port from outside have failed several times.
• sshd cannot be reached from inside the home network either.
• netstat shows more than 100 CLOSE_WAIT sessions
• Many accesses from completely unknown IPs
• As a stopgap, should CLOSE_WAIT sessions be deleted early?
perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.
• https://en.wikipedia.org/wiki/Denial-of-service_attack
Connection closed by remote host
• Feb 6 22:33:57 rpi sshd[8724]: Connection closed by 104.248.236.25 port 61953
• Feb 6 22:53:20 rpi sshd[12201]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 6 22:53:20 rpi sshd[12201]: banner exchange: Connection from 192.241.205.201 port 38756: invalid format
• Feb 6 22:53:22 rpi sshd[12209]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 6 22:53:22 rpi sshd[12209]: banner exchange: Connection from 192.241.210.213 port 45306: invalid format
• Feb 6 23:13:37 rpi sshd[15840]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 6 23:13:37 rpi sshd[15840]: banner exchange: Connection from 193.118.53.210 port 41310: invalid format
• Feb 6 23:17:39 rpi sshd[16558]: error: kex_exchange_identification: Connection closed by remote host
• Feb 6 23:17:39 rpi sshd[16558]: Connection closed by 46.101.169.203 port 43242
• Feb 6 23:44:24 rpi sshd[21403]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 6 23:44:24 rpi sshd[21403]: banner exchange: Connection from 45.146.165.37 port 35700: invalid format
• Feb 7 00:27:53 rpi sshd[29161]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 7 00:27:53 rpi sshd[29161]: banner exchange: Connection from 45.146.165.37 port 42230: invalid format
• Feb 7 00:52:25 rpi sshd[1115]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 7 00:52:25 rpi sshd[1115]: banner exchange: Connection from 139.162.145.250 port 46242: invalid format
• Feb 7 01:03:06 rpi sshd[3002]: error: kex_exchange_identification: banner line contains invalid characters
• Feb 7 01:03:06 rpi sshd[3002]: banner exchange: Connection from 192.241.212.170 port 46332: invalid format
• Feb 7 01:03:06 rpi sshd[3003]: error: kex_exchange_identification: banner line contains invalid characters
• Cannot connect again
• The access sources are distributed, and each source makes only about 2 accesses, spaced apart in time.
• This did not meet the conditions of ban4ip, so ban4ip had no effect.
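The observation above (many sources, about two hits each) can be checked directly against the log. This is an added example, not part of the original slides: it tallies pre-authentication failures per source address from a few of the sshd lines shown earlier, and compares them with a per-IP threshold. The threshold value of 3 is hypothetical and is not ban4ip's actual setting.

```python
import re
from collections import Counter

# Lines copied from the sshd log shown on the earlier slide.
SAMPLE_LOG = """\
Feb 6 22:33:57 rpi sshd[8724]: Connection closed by 104.248.236.25 port 61953
Feb 6 22:53:20 rpi sshd[12201]: error: kex_exchange_identification: banner line contains invalid characters
Feb 6 22:53:20 rpi sshd[12201]: banner exchange: Connection from 192.241.205.201 port 38756: invalid format
Feb 6 22:53:22 rpi sshd[12209]: banner exchange: Connection from 192.241.210.213 port 45306: invalid format
Feb 6 23:13:37 rpi sshd[15840]: banner exchange: Connection from 193.118.53.210 port 41310: invalid format
Feb 6 23:17:39 rpi sshd[16558]: Connection closed by 46.101.169.203 port 43242
Feb 6 23:44:24 rpi sshd[21403]: banner exchange: Connection from 45.146.165.37 port 35700: invalid format
Feb 7 00:27:53 rpi sshd[29161]: banner exchange: Connection from 45.146.165.37 port 42230: invalid format
Feb 7 00:52:25 rpi sshd[1115]: banner exchange: Connection from 139.162.145.250 port 46242: invalid format
"""

# Pre-authentication failure lines that carry the peer address.
PEER_RE = re.compile(
    r"sshd\[\d+\]: (?:banner exchange: Connection from|Connection closed by) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failures_by_source(log_text):
    """Count pre-auth failure lines per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = PEER_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def summarize(log_text, per_ip_threshold=3):
    """Compare the aggregate failure count with what a per-IP rule would see."""
    counts = failures_by_source(log_text)
    return {
        "total_failures": sum(counts.values()),
        "distinct_sources": len(counts),
        "max_per_source": max(counts.values(), default=0),
        # Hypothetical per-IP rule: only these sources would be banned.
        "sources_over_threshold": sorted(
            ip for ip, n in counts.items() if n >= per_ip_threshold
        ),
    }
```

On this sample the total is 8 failures from 7 sources and no source reaches the threshold, which is why a per-source ban rule stays silent while the aggregate keeps growing.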
Connection closed by remote host]
• You would think this message in the server log just means that the client closed the connection, right?
• It had another meaning.
• In many default configurations, such as the RH series and Debian, the value is 10:30:100.
• This means that when the number of unauthenticated connections exceeds 10, subsequent connections will be rejected with a probability of 30%, and when the number reaches 100, all subsequent connections will be rejected.
• Normally, in most environments, 10 unauthenticated connections almost never arrive at once.
• ssh_exchange_identification: Connection closed by remote host
• The error above is displayed when a connection is rejected in this way.
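The 10:30:100 triple is the start:rate:full form of sshd_config's MaxStartups option. The following is an added example, not code from the slides or from OpenSSH: it computes the refusal percentage for a given number of unauthenticated connections. It goes slightly beyond the slide by including the linear rise from rate% to 100% that sshd_config(5) documents between the two thresholds; the integer rounding and the function names are assumptions of this sketch.

```python
def parse_max_startups(value):
    """Parse a 'start:rate:full' string such as '10:30:100'."""
    parts = value.split(":")
    if len(parts) != 3:
        raise ValueError("expected start:rate:full")
    start, rate, full = (int(p) for p in parts)
    if not (1 <= rate <= 100) or start < 1 or full < start:
        raise ValueError("need 1 <= rate <= 100 and 1 <= start <= full")
    return start, rate, full


def drop_percent(unauthenticated, start, rate, full):
    """Refusal probability (percent) for the next incoming connection."""
    if unauthenticated < start:
        return 0            # below the first threshold: always accepted
    if unauthenticated >= full or rate == 100:
        return 100          # at the hard limit: always refused
    # Linear rise from rate% at `start` to 100% at `full`.
    ramp = (100 - rate) * (unauthenticated - start) // (full - start)
    return rate + ramp


def lockout_probability(unauthenticated, attempts, setting="10:30:100"):
    """Chance that `attempts` consecutive legitimate logins are all refused,
    assuming the number of half-open sessions stays constant."""
    pct = drop_percent(unauthenticated, *parse_max_startups(setting))
    return (pct / 100) ** attempts


def drop_table(setting="10:30:100", samples=(5, 10, 55, 99, 100)):
    """(unauthenticated connections, refusal %) pairs for a quick overview."""
    limits = parse_max_startups(setting)
    return [(n, drop_percent(n, *limits)) for n in samples]
```

With 55 lingering unauthenticated sessions the next connection is refused 65% of the time, and three retries in a row all fail about 27% of the time, which is the "cannot connect" symptom seen from a legitimate client.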
• Restart sshd if a specific string appears in the log
• Log monitor script
– https://qiita.com/Qrg/items/107928672569a8141222
• Start your own shell script as a Linux systemd service
– https://genzouw.com/entry/2021/07/05/154156/2701/
• Yet again, it won't connect...
• Re-investigating the symptom...
• This time, netstat shows no remaining sessions
• Continuing the investigation...
• systemd has a function to give up restarting when restarts occur many times in a short time. Specifically, after StartLimitBurst restarts occur during StartLimitInterval, systemd will stop restarting automatically. By default, it will restart up to 5 times in 10 seconds, after which it will give up.
• /etc/systemd/system.conf
[Manager]
#DefaultStartLimitInterval=10s
#DefaultStartLimitBurst=5
Connection from 45.146.165.37 port 35236: invalid format
• Feb 20 16:15:43 rpi sshd[27355]: Connection from 45.146.165.37 port 37156: invalid format
• Feb 20 17:31:22 rpi sshd[28597]: Connection from 45.146.165.37 port 50254: invalid format
• Feb 20 18:16:26 rpi sshd[29368]: Connection from 45.146.165.37 port 42220: invalid format
• Feb 20 19:34:56 rpi sshd[30845]: Connection from 45.146.165.37 port 36502: invalid format
• Feb 20 20:22:35 rpi sshd[31756]: Connection from 45.146.165.37 port 42334: invalid format
• Feb 20 20:35:15 rpi sshd[31961]: Connection from 45.146.165.37 port 37422: invalid format
• Feb 20 21:47:39 rpi sshd[808]: Connection from 45.146.165.37 port
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '45.146.164.0 - 45.146.165.255'
% Abuse contact for '45.146.164.0 - 45.146.165.255' is '[email protected]'
inetnum: 45.146.164.0 - 45.146.165.255
netname: RU-ITRESHENIYA
country: RU → Russian Federation
org: ORG-ITR1-RIPE
admin-c: ITR30-RIPE
tech-c: ITR30-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
mnt-routes: MNT-SELECTEL
created: 2020-09-07T16:45:55Z
last-modified: 2021-10-05T19:15:10Z
source: RIPE