Adam Hardy wrote:
Is this some brute force dictionary attack in progress on my webserver?
The full foreign address is zns551-ga01a.us.yokogawa.com.
Those nasty people in Yokogawa!
-------- Original Message --------
Date: Thu, 22 Dec 2005 05:00:07 +0000 (GMT)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 296/mysqld
tcp 0 0 *:ssh *:* LISTEN 252/sshd
tcp 0 0 *:12121 *:* LISTEN 298/perl
tcp 0 0 *:smtp *:* LISTEN 243/master
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:35467 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:34313 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:34056 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:35102 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:35422 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:33646 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:36109 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:35949 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:34477 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:35841 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:34704 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:34183 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:36054 TIME_WAIT -
tcp 0 0 hardya1.miniserver:ssh zns551-ga01a.us.y:36054 TIME_WAIT -
tcp 0 0 localhost:8005 *:* LISTEN 279/java
tcp 0 0 *:www *:* LISTEN 279/java
tcp 0 0 *:https *:* LISTEN 279/java
tcp 1 0 localhost:2948 localhost:mysql CLOSE_WAIT 279/java
tcp 1 0 localhost:4947 localhost:mysql CLOSE_WAIT 279/java
Either that, or someone is trying to DoS you. Try setting your
firewall to ratelimit inbound ssh connections to one or two per minute.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
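
A triage check for the kind of netstat listing quoted above, as an added example that is not part of the original thread: it rejoins rows whose state column wrapped onto the next line, then counts distinct connections to the local ssh port per foreign host. The sample listing, the host names in it and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the listing in the mail: the state
# column is wrapped onto its own line and one row is duplicated.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 *:ssh *:* LISTEN 252/sshd
tcp 0 0 host.example:ssh peer-a.example:35467
TIME_WAIT -
tcp 0 0 host.example:ssh peer-a.example:34313
TIME_WAIT -
tcp 0 0 host.example:ssh peer-a.example:34056
TIME_WAIT -
tcp 0 0 host.example:ssh peer-a.example:34056
TIME_WAIT -
tcp 0 0 host.example:ssh peer-b.example:40000
ESTABLISHED 400/sshd
tcp 1 0 localhost:2948 localhost:mysql CLOSE_WAIT
279/java
"""

def records(text):
    """Yield field lists, gluing wrapped continuation lines onto their tcp row."""
    row = None
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"tcp6?\s", line):
            if row:
                yield row.split()
            row = line
        elif row and line:          # header lines before the first row are skipped
            row += " " + line
    if row:
        yield row.split()

def ssh_peers(text, service=("ssh", "22")):
    """Map foreign host -> number of distinct source ports on the local ssh port."""
    ports = defaultdict(set)
    for f in records(text):
        if len(f) < 6 or f[5] == "LISTEN":
            continue
        host, _, port = f[4].rpartition(":")
        if f[3].rsplit(":", 1)[-1] in service:
            ports[host].add(port)   # a set, so a repeated row is counted once
    return {h: len(p) for h, p in ports.items()}

def suspects(text, threshold=3):
    """Hosts with at least `threshold` ssh connections in one snapshot."""
    return {h: n for h, n in ssh_peers(text).items() if n >= threshold}
```

A single snapshot only shows connections still in the table, so a count like this is a prompt to check the sshd authentication log for the same host, not a verdict on its own.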