
List:       gentoo-hardened
Subject:    [gentoo-hardened] Strange sshd grsec denials
From:       atoth () atoth ! sote ! hu
Date:       2008-02-22 5:43:38
Message-ID: 33454.138.26.140.45.1203659018.squirrel () atoth ! sote ! hu

Regular ssh break-in attempts don't scare me. But do any of you have these:
"Feb 21 14:40:22 name grsec: From 203.157.129.1: (root:U:/usr/sbin/sshd)
denied connect() to 203.157.129.1 port 0 sock type dgram protocol udp by
/usr/sbin/sshd[sshd:26333] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/sshd[sshd:4980] uid/euid:0/0 gid/egid:0/0"

It's scary to see that someone tries to get sshd to connect to
exactly the same IP address. The port is 0, but anyway. It's
clear that it's not a DNS lookup, which is otherwise permitted for
sshd...

Regards.
Dw.
-- 
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962



-- 
gentoo-hardened@lists.gentoo.org mailing list
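
An added example, not part of the original message: a small Python parser for the denial line quoted above that tags the properties the poster points out (destination equal to the client address, port 0, UDP to a port other than 53). The regex is derived only from that one quoted line; the function names, tag names and the second sample line are assumptions constructed for illustration.

```python
import re

# Pattern derived only from the denial line quoted in the message; other
# grsec message types or versions may lay the fields out differently.
DENIED_CONNECT = re.compile(
    r"grsec: From (?P<src>\S+): \((?P<role>[^:]+):(?P<rtype>[^:]+):(?P<subject>[^)]+)\) "
    r"denied connect\(\) to (?P<dst>\S+) port (?P<port>\d+) "
    r"sock type (?P<socktype>\S+) protocol (?P<proto>\S+) "
    r"by (?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)

# The line quoted in the message, joined back onto one line.
QUOTED = (
    "Feb 21 14:40:22 name grsec: From 203.157.129.1: (root:U:/usr/sbin/sshd) "
    "denied connect() to 203.157.129.1 port 0 sock type dgram protocol udp by "
    "/usr/sbin/sshd[sshd:26333] uid/euid:0/0 gid/egid:0/0, parent "
    "/usr/sbin/sshd[sshd:4980] uid/euid:0/0 gid/egid:0/0"
)
# Constructed contrast line (documentation addresses), not from the message.
CONSTRUCTED = (
    "Feb 21 14:41:00 name grsec: From 192.0.2.10: (root:U:/usr/sbin/sshd) "
    "denied connect() to 198.51.100.53 port 53 sock type dgram protocol udp by "
    "/usr/sbin/sshd[sshd:26400] uid/euid:0/0 gid/egid:0/0, parent "
    "/usr/sbin/sshd[sshd:4980] uid/euid:0/0 gid/egid:0/0"
)

def parse_denied_connect(line):
    """Return the fields of a grsec 'denied connect()' line, or None."""
    m = DENIED_CONNECT.search(" ".join(line.split()))  # undo line wrapping
    if not m:
        return None
    rec = m.groupdict()
    for key in ("port", "pid", "uid", "euid"):
        rec[key] = int(rec[key])
    return rec

def triage(rec):
    """Tag the properties the message points out (tag names are hypothetical)."""
    checks = {
        "dst-equals-client": rec["dst"] == rec["src"],
        "port-0": rec["port"] == 0,
        "udp-not-dns": rec["proto"] == "udp" and rec["port"] != 53,
    }
    return [tag for tag, hit in checks.items() if hit]

if __name__ == "__main__":
    for line in (QUOTED, CONSTRUCTED):
        print(triage(parse_denied_connect(line)))
```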
