ssh listening at ports 81 and 444 means someone, maybe you, have set up port forwarding to have secure connection with admin interface.
Is that normal? I do have a secure connection to the admin interface -- https with a self-signed certificat -- but didn't think it had anything to do with ssh -- please correct me if I am wrong. Could someone have done someting on the raq550 admin interface to set up this sort of port forwarding? Im the only one with a shell (AFAIK!).
Once I killed those instances of ssh that were listening on ports 81 & 444 it hasn't happenend again, and I can find nothing else abnormal on the system.
Also, I can't see any point in someone doing this for malicious purposes as ports 81 & 444 were closed to the world on the firewall (watchguard firebox), and sshd was listening to the world on 22.
I have taken the machine off the network -- Am I right to be so paraniod?
Thanks for your time, Julian
_______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
