strange stunnel connections
I just checked my /var/log/messages file and found 3 entries reporting IP numbers that I don't know, actually from countries with which I have absolutely no connection:
/var/log/messages.1:Jul 7 16:13:12 myhost stunnel: LOG5[1518:3061617960]: stunnel connected from 91.92.93.94:25564 (Actual numbers changed for this post.) There doesn't seem to be any record of successful logins from any IP except mine. Just these stunnel entries, besides many stunnel entries attributed to my IP. What do those entries mean? |
Presumably it means someone completed an SSL handshake with your stunnel-ed service.
What's the service? Do you want it to be allowing connections from anywhere in the world? |
Quote:
Code:
]$ nl stunnel-4.04/src/client.c | grep -B 10 -A 4 'connected from' |
You two are losing me. I don't quite understand what you mean. I have an SSL tunnel from my notebook to my server for SMTP and POP3. But is that the same stunnel that someone else used? Or did they create another? How? I have a good password, and I use unusual ports for SSH and the SSL tunnel.
Maybe it is just a failed attempt... Code:
Jul 7 14:26:44 myhost stunnel: LOG5[1512:3083724480]: stunnel 4.17 on i686-pc-linux-gnu with OpenSSL 0.9.8d 28 Sep 2006 |
Quote:
|
All times are GMT -5. The time now is 02:04 PM. |