'[SLE] Multiple high port ssh connections from strange host?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-linux-e
Subject:    [SLE] Multiple high port ssh connections from strange host?
From:       "Steven T. Hatton" <hattons () globalsymmetry ! com>
Date:       2006-02-06 15:22:59
Message-ID: 200602061023.00243.hattons () globalsymmetry ! com
[Download RAW message or body]

I believe this indicates someone is trying to break into my system.  Is there 
a way to deal with this kind of attack? Other than turning off ssh, that is.

#netstat | grep ssh
tcp        0      0 myserver.mydomain:ssh mybox.mydomain:57817 ESTABLISHED 
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38628   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:37353   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38442   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38990   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:38257   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:37178   TIME_WAIT   
tcp        0      0 myserver.mydomain:ssh 211.146.113.178:37533   TIME_WAIT 

-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic