[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-router
Subject: [LRP] suspicious log.
From: "Deja User" <autofuzz () my-deja ! com>
Date: 2001-06-27 2:56:08
[Download RAW message or body]
hi,
I have a question regarding something that got logged on my router, i'm not sure this \
is the right place to ask this question, in case it isn't please direct me \
accordingly.
on the 24th of June i got a trace in my 'messages' file from the sshd daemon stating \
that it refused a connection from some ip on the net (a valid routable IP on the inet \
someplace) and a second later the sshd stated it was generating a key sequence (i \
guess that's the stuff it does when someone connects via an SSH client) What's \
scaring me is the fact that port 22 on that machine is not open to the outside world. \
firstly the firewall (ipchains) rule deny's access, secondly in the hosts.deny file i \
have ALL:ALL and ALL:PARANOID set and the hosts.allow file only allows a non \
routable internal address to access that machine.
i grepped for that IP address in all the log files and also looked for any suspicious \
things in the logs but didn't find any.
any idea what could have happened?? is it a breakin??
I'm using LRP Eigerstien Beta 2 (downloaded ~4 months back )with the default sshd \
daemon.
thanks,
A!
------------------------------------------------------------
--== Sent via Deja.com ==--
http://www.deja.com/
_______________________________________________
linux-router maillist - linux-router@linuxrouter.org
http://www.linuxrouter.org/mailman/listinfo/linux-router
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic