From suse-linux-e  Mon Feb 06 15:22:59 2006
From: "Steven T. Hatton" <hattons () globalsymmetry ! com>
Date: Mon, 06 Feb 2006 15:22:59 +0000
To: suse-linux-e
Subject: [SLE] Multiple high port ssh connections from strange host?
Message-Id: <200602061023.00243.hattons () globalsymmetry ! com>
X-MARC-Message: https://marc.info/?l=suse-linux-e&m=113923942330662

I believe this indicates someone is trying to break into my system.  Is there 
a way to deal with this kind of attack? Other than turning off ssh, that is.

#netstat | grep ssh
tcp        0      0 myserver.mydomain:ssh mybox.mydomain:57817 ESTABLISHED 
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38628   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:37353   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38442   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38990   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38257   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:37178   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:37533   TIME_WAIT 

-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com