tcp 22 > tcp 22
From: Tarmo Renter (tarmo_at_momentor.ee)
Date: 07/01/03
- Previous message: Richard Nyberg: "pam_krb5 and xdm"
- Next in thread: Nikolaj I. Potanin: "Re: tcp 22 > tcp 22"
- Reply: Nikolaj I. Potanin: "Re: tcp 22 > tcp 22"
To: freebsd-security@freebsd.org
Date: Tue, 1 Jul 2003 14:32:54 +0300
Hi,
Today I spotted the following line in my FreeBSD 4.6.2-RELEASE IPFIREWALL log:
Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via ed1
where xxxxxx is the attacker's IP and yyyyy is my box.
But in sshd log, there are no traces left behind by this connection.
Normally, there is "Did not receive identification string from xxx" etc, when
somebody tries to scan SSH port.
Also, as you can see, the connection is made from port 22 to port 22, which is
odd.
Is this some kind of SYN packet trick, and how come no I/O to sshd is made?
sshd -v shows:
sshd version OpenSSH_3.4p1 FreeBSD-20020702
---
Regards,
Tarmo Renter
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
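The comparison made by hand in the message above (an ipfw Accept entry for port 22 with no matching sshd log line) can be automated; the following is an added example, not part of the original post. The sshd syslog prefix, the 60-second window, the year and the sample addresses are assumptions, and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# ipfw log layout as quoted in the post:
#   "<ts> <host> /kernel: ipfw: <rule> Accept TCP <src>:<sport> <dst>:<dport> in via <if>"
IPFW_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /kernel: ipfw: (\d+) Accept TCP "
    r"(\S+):(\d+) (\S+):(\d+) in via (\S+)$")
# Any sshd line that names a peer ("... from <ip>"); the syslog prefix is an assumption.
SSHD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: .* from (\S+)")

def _ts(text, year):
    # syslog timestamps carry no year, so the caller supplies one
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")

def unmatched_accepts(fw_lines, sshd_lines, window=timedelta(seconds=60), year=2003):
    """ipfw Accepts to port 22 with no sshd log line from the same source within `window`."""
    seen = []
    for line in sshd_lines:
        m = SSHD_RE.match(line.strip())
        if m:
            seen.append((_ts(m.group(1), year), m.group(2)))
    out = []
    for line in fw_lines:
        m = IPFW_RE.match(line.strip())
        if not m or m.group(6) != "22":
            continue
        when, src, sport = _ts(m.group(1), year), m.group(3), int(m.group(4))
        if not any(ip == src and abs(t - when) <= window for t, ip in seen):
            # same_port marks the "port 22 to port 22" oddity noted in the post
            out.append({"time": when, "src": src, "sport": sport,
                        "same_port": sport == 22, "rule": int(m.group(2))})
    return out

# Constructed sample data (documentation address ranges, not from the post)
FW_SAMPLE = [
    "Jul  1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP 192.0.2.7:22 198.51.100.5:22 in via ed1",
    "Jul  1 13:40:01 fbsd /kernel: ipfw: 1400 Accept TCP 192.0.2.9:41022 198.51.100.5:22 in via ed1",
]
SSHD_SAMPLE = [
    "Jul  1 13:40:02 fbsd sshd[311]: Did not receive identification string from 192.0.2.9",
]

if __name__ == "__main__":
    for rec in unmatched_accepts(FW_SAMPLE, SSHD_SAMPLE):
        print(rec)
```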