LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page DoS attack? port 22
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-10-2008, 04:42 PM   #1
templeton
LQ Newbie
 
Registered: Sep 2006
Posts: 6

Rep: Reputation: 0
DoS attack? port 22

hi,
I'm using a linux-debian server as default-server inside a LAN.
user where unable to connect to the network from outside, so after checking the hashTable of the router I realized was full.
All the connections where generated from the server, by 2 process called "/bin/sh ./start 25" and "/bin/bash ./a 25.49" and the connections where to IP's 25.49.x.x: I had 2048 connections (maximum).
Anybody experienced this behaviour or can have some nice ideas? looking to the process I've seen the identd (pidentd package) is running, but I've never used it.

bye thanks
 
Old 11-11-2008, 03:48 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by templeton View Post
All the connections where generated from the server, by 2 process called "/bin/sh ./start 25" and "/bin/bash ./a 25.49"
Either some scanner piggybacking onto something else or an outright breach of security. Better start with the Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html
Last edited by unSpawn; 11-11-2008 at 03:51 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Dos Attack on SSH Tunnel SPEEDEX Linux - Networking 3 04-08-2007 11:58 AM
is this a Dos Attack?? xtremeclones Linux - Security 8 09-27-2006 01:40 AM
Linux DOS Attack Possibility chereth Linux - Security 2 02-09-2006 12:26 PM
detecting a DOS attack ignus Linux - Security 4 07-29-2004 02:17 PM
Are we under DOS attack? sarmadys Linux - Security 2 02-06-2002 09:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:54 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration