I didn't look at your tcpdump output but I'd assume it's trying to
resolve the in-addr.arpa record for the internal IP address and failing.
Try setting up BIND to resolve PTR records for the internal network IP
addresses and make sure that the server is configured to look to itself
for DNS. Hope this helps.

///Jason

-----Original Message-----
From: Jeff Stevens [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, January 13, 2002 10:27 PM
To: [EMAIL PROTECTED]
Subject: sshd sending packets outside lan during local connection


I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and
bind (version: 1:8.2.3-0.potato.1).  It is also being used as a firewall
for a local network.  It has 2 nic cards, one with an internal ip and
one with an external ip.
When I ssh locally (to the internal ip) to this firewall it sends out
packets to my ISP.  If I unplug the "external ip" nic before entering
the password then the connection pauses for about a minute before
connecting.

I am no expert as I have just started using Debian, but it seems like
the password is being sniffed.  I'm not exactly sure what the tcpdump
output shows (ATTACHED with route info) but it seems to be doing a
domain name look up (but I could be wrong).  I have no idea why it would
have to do a domain look-up because I connect via ip address
(ssh [EMAIL PROTECTED]) which is inside the local network.

Earlier I made the mistake of offering bind publicly.  I recently
changed this but I don't know if I was compromised during the time it
was public.  I am hoping this is just a misconfiguration problem.  Any
suggestions would be greatly appreciated.  Thanks in advance.

--Jeff
Debian user
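
Added example (not part of either message, and not code from the posters): a Python script that generates the reverse zone Jason suggests, so PTR queries for internal addresses are answered by the local BIND instead of being sent upstream. The 192.168.1.0/24 network, the host names, the SOA timers and the zone file path are assumed values; the thread does not give the real ones.

```python
import ipaddress

# Constructed sample values: the thread does not give the real network or names.
NETWORK = "192.168.1.0/24"
HOSTS = {"firewall.example.lan": "192.168.1.1",
         "workstation.example.lan": "192.168.1.10"}

def reverse_zone(network):
    """Return the in-addr.arpa zone name for an octet-aligned IPv4 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks are handled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_records(network, hosts):
    """Turn {fqdn: ip} into PTR lines relative to the reverse zone."""
    net, zone = ipaddress.ip_network(network), reverse_zone(network)
    lines = []
    for fqdn, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {network}")
        # reverse_pointer is the full name a reverse lookup queries,
        # e.g. 10.1.168.192.in-addr.arpa; strip the zone suffix.
        label = addr.reverse_pointer[: -(len(zone) + 1)]
        lines.append(f"{label}\tIN\tPTR\t{fqdn}.")
    return lines

def zone_file(network, hosts, ns, admin, serial):
    """Build the zone file: $TTL, SOA, NS, then one PTR per host."""
    head = ["$TTL 86400",
            f"@\tIN\tSOA\t{ns}. {admin}. ( {serial} 3600 900 604800 86400 )",
            f"@\tIN\tNS\t{ns}."]
    return "\n".join(head + ptr_records(network, hosts)) + "\n"

def named_conf_stanza(network, path):
    """Build the named.conf block that makes BIND master for the zone."""
    return f'zone "{reverse_zone(network)}" {{\n\ttype master;\n\tfile "{path}";\n}};\n'

if __name__ == "__main__":
    # The file path is a hypothetical choice for this example.
    print(named_conf_stanza(NETWORK, "/etc/bind/db.192.168.1"))
    print(zone_file(NETWORK, HOSTS, "firewall.example.lan",
                    "hostmaster.example.lan", 2002011401))
```

For the server to "look to itself" as Jason puts it, /etc/resolv.conf on the firewall would list "nameserver 127.0.0.1" first once the zone is loaded.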

