tcp 22 > tcp 22

From: Tarmo Renter (tarmo_at_momentor.ee)
Date: 07/01/03

  • Next message: Michael Collette: "Re: Fw: VPN setup problem - proxy arp I think"
    To: freebsd-security@freebsd.org
    Date: Tue, 1 Jul 2003 14:32:54 +0300
    
    

    Hi,

    I spotted today following line at my FreeBSD 4.6.2-RELEASE IPFIREWALL log:

    Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via
    ed1

    where xxxxxx is the attacker's IP and yyyyy is my box.

    But in sshd log, there are no traces left behind by this connection.
    Normally, there is "Did not receive identification string from xxx" etc, when
    somebody tries to scan SSH port.

    Also, as you can see, the connection is made from port 22 to port 22, which is
    odd.

    Is this somekind of SYN packet trick and how come is no I/O to sshd made?

    sshd -v shows:
    sshd version OpenSSH_3.4p1 FreeBSD-20020702

    ---
    Regards,
    Tarmo Renter
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Michael Collette: "Re: Fw: VPN setup problem - proxy arp I think"

    Relevant Pages

    • Re: Making OpenSSH listen to external interfaces
      ... I would not be sure of that until you turn *off* the firewall and try it. ... debugging sshd was unable to bind port 22 for listening and so did nothing ... -- perhaps because you forgot to stop the already-running sshd first. ... Can you get a TCP connection to port 22 or not? ...
      (comp.security.ssh)
    • Re: How do I prevent unauthorized ssh login attempts?
      ... >>> Run sshd on other port. ... The server is on a remote co-location a flight away from me. ... SSH will keep your connection active until you log out, ... Let's see if this will prevent the unauthorized sshd login attempts. ...
      (freebsd-questions)
    • Re: sshd
      ... the ssh server. ... 'sshd' failed, cannot open a connection to ... Trying to connect to TCP port 50022.. ...
      (Debian-User)
    • ssh suse 11.4
      ... With suse 11.4 I get now ssh connection from any other box. ... suse 11.4, firewall running, ssh port opened, sshd running ... Connecting to localhost port 22. ...
      (alt.linux)
    • How did this happen?
      ... May 12 06:50:43 localhost sshd: Failed password for illegal user ... cgi from 212.93.149.205 port 2265 ... Starting sshd: ...
      (comp.os.linux.security)