Re: Reality check: IPFW sees SSH traffic that sshd does not?
- From: Tadas Miniotas <tadas@xxxxxxx>
- Date: Wed, 21 Mar 2007 15:03:51 +0200
David Wolfskill wrote:
<...>
This morning (in reviewing the logs from yesterday), I found a set of
580 such setup requests logged from Mar 20 19:30:06 - Mar 20 19:40:06
(US/Pacific; currently 7 hrs. west of GMT/UTC), each from 204.11.235.148
(part of a VAULT-NETWORKS netblock). The sshd on the internal machine
never logged anything corresponding to any of this.
Might be a SYN scan. I believe SSH will not log anything if a three-way
handshake has not been completed.
Of course, it would help if you provided ipfw logs to determine exactly
what kind of packets it was.
--
Tadas Miniotas
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Reality check: IPFW sees SSH traffic that sshd does not?
- From: David Wolfskill
- Re: Reality check: IPFW sees SSH traffic that sshd does not?
- References:
- Reality check: IPFW sees SSH traffic that sshd does not?
- From: David Wolfskill
- Reality check: IPFW sees SSH traffic that sshd does not?
- Prev by Date: Reality check: IPFW sees SSH traffic that sshd does not?
- Next by Date: Re: Reality check: IPFW sees SSH traffic that sshd does not?
- Previous by thread: Reality check: IPFW sees SSH traffic that sshd does not?
- Next by thread: Re: Reality check: IPFW sees SSH traffic that sshd does not?
- Index(es):
Relevant Pages
|
|
