Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-11-2007, 02:32 PM   #1
Registered: Apr 2006
Posts: 280

Rep: Reputation: 31
Unauthorized SSH connections

Today I was sitting around and by chance happened to notice that my machine had traffic of ~5 kB/s (up and down), but I was not doing anything to initiate this. So I checked the network connections:

njl@dvorak:~$ netstat -tup
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 dvorak.local:36785      by2msg1161905.phx.:msnp ESTABLISHED14160/wish
tcp        0      0 dvorak.local:39103      modemcable042.219:21197 ESTABLISHED24287/skype
tcp        0      0 dvorak.local:39776      by1msg3145605.phx.:msnp ESTABLISHED14160/wish
tcp        0      0 dvorak.local:50564 ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:38153 ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:38118 ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:38415 ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:37486       ESTABLISHED29110/firefox-bin
tcp        0      0 dvorak.local:37485       ESTABLISHED29110/firefox-bin
tcp6       0      0 ::ffff: appsrv2.masternur:56662 TIME_WAIT  -
tcp6       0      0 ::ffff: appsrv2.masternur:35433 TIME_WAIT  -
tcp6       0      0 ::ffff: appsrv2.masternur:58881 TIME_WAIT  -
tcp6       0    704 ::ffff: appsrv2.masternur:42006 ESTABLISHED-
tcp6       0      0 ::ffff: appsrv2.masternur:33744 TIME_WAIT  -
tcp6       0      0 ::ffff: appsrv2.masternur:57248 TIME_WAIT  -
And there I found some mysterious SSH connections to on various ports. I then killed the SSH processes and the network traffic stopped.

What is going on?

(Debian etch, linux 2.6.18, KDE, etc etc)

Last edited by ErrorBound; 03-11-2007 at 03:18 PM.
Old 03-11-2007, 03:25 PM   #2
Senior Member
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
What is going on? You don't have your SSH properly secured and someone managed to establish a connection.

Read the sticky thread on this forum about unauthorized SSH connections to learn what to do about it.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I block IP's to prevent unauthorized SSH login attempts? leofoxx Linux - Security 6 05-23-2005 10:36 PM
Problems with SSH connections Kero-Chan Linux - Networking 10 10-15-2004 07:34 PM
SSH doesn't accept connections basse- Linux - Software 1 05-23-2004 08:33 AM
Can I see ssh connections? bruno buys Linux - Networking 4 11-19-2003 03:46 PM
SSH - Refused Connections bfloeagle Linux - Networking 6 08-31-2001 01:16 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:55 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration