[prev in list] [next in list] [prev in thread] [next in thread]
List: suse-linux-e
Subject: [SLE] Multiple high port ssh connections from strange host?
From: "Steven T. Hatton" <hattons () globalsymmetry ! com>
Date: 2006-02-06 15:22:59
Message-ID: 200602061023.00243.hattons () globalsymmetry ! com
[Download RAW message or body]
I believe this indicates someone is trying to break into my system. Is there
a way to deal with this kind of attack? Other than turning off ssh, that is.
#netstat | grep ssh
tcp 0 0 myserver.mydomain:ssh mybox.mydomain:57817 ESTABLISHED
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:38628 TIME_WAIT
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:37353 TIME_WAIT
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:38442 TIME_WAIT
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:38990 TIME_WAIT
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:38257 TIME_WAIT
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:37178 TIME_WAIT
tcp 0 0 myserver.mydomain:ssh 211.146.113.178:37533 TIME_WAIT
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic