Re: Hundreds of sshd processes spawned by Postgresql

2010-06-27 Thread Stan Hoeppner
Marc Shapiro put forth on 6/27/2010 12:57 AM: From: Stan Hoeppner s...@hardwarefreak.com If you were unable to find any inbound connections whilst these ~300 outbound connections were present, Has anyone come up with a viable theory as to why outbound connections would be initiated by

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-27 Thread Camaleón
On Sat, 26 Jun 2010 22:57:12 -0700, Marc Shapiro wrote: Has anyone come up with a viable theory as to why outbound connections would be initiated by sshd (or something calling itself sshd) as opposed to ssh? (...) sshd is the daemon server name for the SSH service. As long as someone establishes a

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-27 Thread Hanspeter Spalinger
On 27.06.10 11:12, Stan Hoeppner wrote: Marc Shapiro put forth on 6/27/2010 12:57 AM: From: Stan Hoeppner s...@hardwarefreak.com If you were unable to find any inbound connections whilst these ~300 outbound connections were present, Has

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-26 Thread Stan Hoeppner
On Fri, 25 Jun 2010 11:47:22 -0700 (PDT), Marc Shapiro For now, the system is powered down and the FIOS router is disconnected. Whoever got to my box had to get past the router's firewall, so I am hoping that it gets a new IP address when I do plug it back in. I'm trying to figure how a

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-26 Thread Stan Hoeppner
Ron Johnson put forth on 6/25/2010 3:00 PM: On 06/25/2010 01:47 PM, Marc Shapiro wrote: From: Hanspeter Spalinger deb...@spahan.ch [snip] On the other side this all could be just a camouflage (?) but that wouldn't make a lot of sense as postgresql doing sshd is not really a good camouflage...

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-26 Thread Marc Shapiro
From: Stan Hoeppner s...@hardwarefreak.com If you were unable to find any inbound connections whilst these ~300 outbound connections were present, Has anyone come up with a viable theory as to why outbound connections would be initiated by sshd (or something calling itself sshd) as opposed

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Stan Hoeppner
Marc Shapiro put forth on 6/24/2010 9:47 AM: I am getting lines like: tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_SENT 9853/sshd tcp 0 0 192.168.1.2:35055 59.120.163.53:22 ESTABLISHED 9995/sshd It appears someone has cracked/pwn3d

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Johann Spies
On Fri, Jun 25, 2010 at 03:30:52AM -0500, Stan Hoeppner wrote: It appears someone has cracked/pwn3d your Debian host. That's an _outbound_ SSH connection. 59.120.163.53 is HINET network space in Taiwan. There are a lot of distributed ssh attacks on our network for the past week or two.

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Celejar
On Fri, 25 Jun 2010 03:30:52 -0500 Stan Hoeppner s...@hardwarefreak.com wrote: Marc Shapiro put forth on 6/24/2010 9:47 AM: I am getting lines like: tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_SENT 9853/sshd tcp 0 0 192.168.1.2:35055

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Tom Furie
On Fri, Jun 25, 2010 at 08:55:32AM -0400, Celejar wrote: On Fri, 25 Jun 2010 03:30:52 -0500 Stan Hoeppner s...@hardwarefreak.com wrote: Marc Shapiro put forth on 6/24/2010 9:47 AM: I am getting lines like: tcp 0 1 192.168.1.2:49526 59.120.141.34:22

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Hanspeter Spalinger
On 25.06.10 18:51, Tom Furie wrote: On Fri, Jun 25, 2010 at 08:55:32AM -0400, Celejar wrote: On Fri, 25 Jun 2010 03:30:52 -0500 Stan Hoeppner s...@hardwarefreak.com wrote: Marc Shapiro put forth on 6/24/2010 9:47 AM: I am getting lines

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Marc Shapiro
From: Hanspeter Spalinger deb...@spahan.ch Tom Furie wrote: On Fri, Jun 25, 2010 at 08:55:32AM -0400, Celejar wrote: On Fri, 25 Jun 2010 03:30:52 -0500 Stan Hoeppner wrote: Marc Shapiro put forth on 6/24/2010 9:47 AM: I am getting lines like: tcp 0 1 192.168.1.2:49526

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-25 Thread Ron Johnson
On 06/25/2010 01:47 PM, Marc Shapiro wrote: From: Hanspeter Spalinger deb...@spahan.ch [snip] On the other side this all could be just a camouflage (?) but that wouldn't make a lot of sense as postgresql doing sshd is not really a good camouflage... For now, the system is powered down and the

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-24 Thread Hanspeter Spalinger
On 24.06.10 04:58, Marc Shapiro wrote: I am running a Lenny box, with postgresql-8.4. I ran ps -e, just now, and there were over 350 sshd processes running under user postgres. I killed the postgresql-8.4 process, but the sshd processes

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-24 Thread Marc Shapiro
Sorry, Hanspeter, for the extra posting to you directly. - Original Message From: Hanspeter Spalinger ha...@spahan.ch Marc Shapiro wrote: I am running a Lenny box, with postgresql-8.4. I ran ps -e, just now, and there were over 350 sshd processes running under user

Hundreds of sshd processes spawned by Postgresql

2010-06-23 Thread Marc Shapiro
I am running a Lenny box, with postgresql-8.4. I ran ps -e, just now, and there were over 350 sshd processes running under user postgres. I killed the postgresql-8.4 process, but the sshd processes were still there, so I killed them. I then started postgres again, followed by ssh. I

Re: Hundreds of sshd processes spawned by Postgresql

2010-06-23 Thread Stan Hoeppner
Marc Shapiro put forth on 6/23/2010 9:58 PM: I am running a Lenny box, with postgresql-8.4. I ran ps -e, just now, and there were over 350 sshd processes running under user postgres. I killed the postgresql-8.4 process, but the sshd processes were still there, so I killed them. I then