Marc Shapiro put forth on 6/24/2010 9:47 AM:

> I am getting lines like:
> tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_SENT 9853/sshd
> tcp 0 0 192.168.1.2:35055 59.120.163.53:22 ESTABLISHED 9995/sshd

It appears someone has cracked/pwn3d your Debian host. That's an _outbound_ SSH connection. 59.120.163.53 is HINET network space in Taiwan.

You need to pull the cable on the machine, or firewall out all SSH connections but _yours_ and clean up the box. Given that they're able to make _outbound_ ssh connections from your host, they likely have root access already and/or have installed a rootkit.

Your only truly safe bet is to wipe the machine's disks and reinstall Debian from scratch. Back up your database first and any critical files.

-- 
Stan
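
How the direction of these connections can be read from the netstat columns, as an added example that is not part of the original post: the local side is on a high port and the remote side is on port 22, so this host initiated the connection. The function names and the two extra sample lines (an inbound session and the listener) are constructed for illustration, and the script assumes sshd listens on the default port 22.

```python
# Added example (not from the thread): classify `netstat -tnp` TCP lines by
# direction and list the outbound connections to the SSH port.

SSH_PORT = "22"  # assumption: sshd listens on the default port

# Constructed sample: the two lines quoted in the post, plus two made-up
# lines (an inbound session from a documentation address and the listener).
SAMPLE = """\
tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_SENT 9853/sshd
tcp 0 0 192.168.1.2:35055 59.120.163.53:22 ESTABLISHED 9995/sshd
tcp 0 0 192.168.1.2:22 203.0.113.7:51514 ESTABLISHED 1201/sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
"""


def parse_line(line):
    """Return a dict for one TCP socket line, or None for headers/other rows."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None
    _, _, local_port = fields[3].rpartition(":")
    remote_host, _, remote_port = fields[4].rpartition(":")
    # Column 7 is "PID/Program name"; it is "-" when netstat lacks privileges.
    pid, _, program = (fields[6] if len(fields) > 6 else "-").partition("/")
    return {"local_port": local_port, "remote_host": remote_host,
            "remote_port": remote_port, "state": fields[5],
            "pid": pid, "program": program}


def direction(conn):
    """Inbound if our side is the SSH port, outbound if only the peer's is."""
    if conn["state"] == "LISTEN":
        return "listener"
    if conn["local_port"] == SSH_PORT:
        return "inbound"
    if conn["remote_port"] == SSH_PORT:
        return "outbound"
    return "other"


def outbound_ssh(netstat_text):
    """Outbound SSH connections as (remote_host, state, pid, program) tuples."""
    conns = filter(None, map(parse_line, netstat_text.splitlines()))
    return [(c["remote_host"], c["state"], c["pid"], c["program"])
            for c in conns if direction(c) == "outbound"]


if __name__ == "__main__":
    for remote, state, pid, program in outbound_ssh(SAMPLE):
        print(f"outbound ssh -> {remote} [{state}] pid={pid} program={program}")
```

On a live host the same functions can be fed the text of `netstat -tnp` run as root, so that the PID/Program column is populated.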