LinuxQuestions.org
03-11-2007, 02:32 PM   #1
ErrorBound
Member
 
Registered: Apr 2006
Posts: 280

Rep: Reputation: 31
Unauthorized SSH connections


Today I was sitting around and by chance happened to notice that my machine had traffic of ~5 kB/s (up and down), but I was not doing anything to initiate this. So I checked the network connections:

Code:
njl@dvorak:~$ netstat -tup
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 dvorak.local:36785      by2msg1161905.phx.:msnp ESTABLISHED14160/wish
tcp        0      0 dvorak.local:39103      modemcable042.219:21197 ESTABLISHED24287/skype
tcp        0      0 dvorak.local:39776      by1msg3145605.phx.:msnp ESTABLISHED14160/wish
tcp        0      0 dvorak.local:50564      py-in-f18.google.co:www ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:38153      py-in-f147.google.c:www ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:38118      py-in-f147.google.c:www ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:38415      eh-in-f99.google.co:www ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:37486      207.61.136.27:www       ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:37485      207.61.136.27:www       ESTABLISHED29110/firefox-bin
tcp6       0      0 ::ffff:192.168.2.30:ssh appsrv2.masternur:56662 TIME_WAIT  -
tcp6       0      0 ::ffff:192.168.2.30:ssh appsrv2.masternur:35433 TIME_WAIT  -
tcp6       0      0 ::ffff:192.168.2.30:ssh appsrv2.masternur:58881 TIME_WAIT  -
tcp6       0    704 ::ffff:192.168.2.30:ssh appsrv2.masternur:42006 ESTABLISHED-
tcp6       0      0 ::ffff:192.168.2.30:ssh appsrv2.masternur:33744 TIME_WAIT  -
tcp6       0      0 ::ffff:192.168.2.30:ssh appsrv2.masternur:57248 TIME_WAIT  -
And there I found some mysterious SSH connections to appsrv2.masternursery.com on various ports. I then killed the SSH processes and the network traffic stopped.

What is going on?

(Debian etch, linux 2.6.18, KDE, etc etc)

Last edited by ErrorBound; 03-11-2007 at 03:18 PM.
 
03-11-2007, 03:25 PM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116
What is going on? You don't have your SSH properly secured and someone managed to establish a connection.

Read the sticky thread on this forum about unauthorized SSH connections to learn what to do about it.
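
Added example, not part of either post above: in the netstat listing from the first post, the suspicious rows have `:ssh` on the local side, which means they are inbound connections to this machine's sshd, not outbound SSH sessions. The sketch below summarizes such rows per remote peer; the function names `inbound_ssh_peers` and `sample_netstat` are hypothetical, and the sample lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Summarize inbound SSH connections found in `netstat -tup` style output.
# stdin: netstat text; stdout: "<peer> <established> <other-states>" per peer.
inbound_ssh_peers() {
    awk '
    /^tcp/ {
        laddr = $4; faddr = $5
        # Inbound to the local sshd: the LOCAL address ends in :ssh (or :22
        # with -n). A row with :ssh on the foreign side is an outbound client.
        if (laddr !~ /:(ssh|22)$/) next
        # Drop the remote port (text after the last colon) to get the peer.
        peer = faddr; sub(/:[^:]*$/, "", peer)
        # Older net-tools prints State and PID with no space between them
        # ("ESTABLISHED14160/wish", "ESTABLISHED-"), so test the state as a
        # prefix of field 6 instead of comparing the whole field.
        if ($6 ~ /^ESTABLISHED/) est[peer]++
        else other[peer]++
        seen[peer] = 1
    }
    END { for (p in seen) printf "%s %d %d\n", p, est[p], other[p] }
    ' | LC_ALL=C sort
}

# Constructed sample input (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 host.local:50564        www.example.org:www     ESTABLISHED29110/firefox-bin
tcp        0      0 host.local:41022        git.example.org:ssh     ESTABLISHED3021/ssh
tcp6       0      0 ::ffff:192.0.2.30:ssh   peer-a.example.net:56662 TIME_WAIT  -
tcp6       0    704 ::ffff:192.0.2.30:ssh   peer-a.example.net:42006 ESTABLISHED-
tcp6       0      0 ::ffff:192.0.2.30:ssh   peer-a.example.net:33744 TIME_WAIT  -
tcp        0      0 192.0.2.30:22           198.51.100.7:40211      SYN_RECV    -
EOF
}

sample_netstat | inbound_ssh_peers
```

On a live system, pipe `netstat -tupn` into the function as root: `-n` avoids the truncated hostnames seen in the listing above, and root is needed for the PID column to show the owning process instead of `-`.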
 
  


All times are GMT -5. The time now is 08:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration