DoS attack? port 22
I'm using a linux-debian server as default-server inside a LAN.
user where unable to connect to the network from outside, so after checking the hashTable of the router I realized was full.
All the connections where generated from the server, by 2 process called "/bin/sh ./start 25" and "/bin/bash ./a 25.49" and the connections where to IP's 25.49.x.x: I had 2048 connections (maximum).
Anybody experienced this behaviour or can have some nice ideas? looking to the process I've seen the identd (pidentd package) is running, but I've never used it.