tcp 22 > tcp 22
From: Tarmo Renter (tarmo_at_momentor.ee)
To: firstname.lastname@example.org Date: Tue, 1 Jul 2003 14:32:54 +0300
I spotted today following line at my FreeBSD 4.6.2-RELEASE IPFIREWALL log:
Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via
where xxxxxx is the attacker's IP and yyyyy is my box.
But in sshd log, there are no traces left behind by this connection.
Normally, there is "Did not receive identification string from xxx" etc, when
somebody tries to scan SSH port.
Also, as you can see, the connection is made from port 22 to port 22, which is
Is this somekind of SYN packet trick and how come is no I/O to sshd made?
sshd -v shows:
sshd version OpenSSH_3.4p1 FreeBSD-20020702
--- Regards, Tarmo Renter _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "firstname.lastname@example.org"