On 27.06.10 11:12, Stan Hoeppner wrote:
> Marc Shapiro put forth on 6/27/2010 12:57 AM:
>> From: Stan Hoeppner
>>
>>> If you were unable to find any inbound connections whilst these ~300
>>> outbound connections were present,
>>
>> Has anyone com
On Sat, 26 Jun 2010 22:57:12 -0700, Marc Shapiro wrote:
> Has anyone come up with a viable theory as to why outbound connections
> would be initiated by sshd (or something calling itself sshd) as opposed
> to ssh?
(...)
"sshd" is the daemon server name for the SSH service. As long as someone
establish
Marc Shapiro put forth on 6/27/2010 12:57 AM:
> From: Stan Hoeppner
>
>> If you were unable to find any inbound connections whilst these ~300
>> outbound connections were present,
>
> Has anyone come up with a viable theory as to why outbound connections would
> be initiated by sshd (or someth
From: Stan Hoeppner
> If you were unable to find any inbound connections whilst these ~300
> outbound connections were present,
Has anyone come up with a viable theory as to why outbound connections would be
initiated by sshd (or something calling itself sshd) as opposed to ssh?
> and given t
Ron Johnson put forth on 6/25/2010 3:00 PM:
> On 06/25/2010 01:47 PM, Marc Shapiro wrote:
>>
>>
>> From: Hanspeter Spalinger
> [snip]
>>>
>>> On the other side this all could be just a camouflage (?) but that
>>> wouldn't make a lot of sense as postgresql doing sshd is not really a good
>>> camouflage..
On Fri, 25 Jun 2010 11:47:22 -0700 (PDT), Marc Shapiro
> For now, the system is powered down and the FIOS router is disconnected.
> Whoever got to my box had to get past the router's firewall, so I am hoping
> that it gets a new IP address when I do plug it back in. I'm trying to
> figure how
On 06/25/2010 01:47 PM, Marc Shapiro wrote:
From: Hanspeter Spalinger
[snip]
On the other side this all could be just a camouflage (?) but that
wouldn't make a lot of sense as postgresql doing sshd is not really a good
camouflage...
For now, the system is powered down and the FIOS router is dis
From: Hanspeter Spalinger
> Tom Furie wrote:
>> On Fri, Jun 25, 2010 at 08:55:32AM -0400, Celejar wrote:
>>> On Fri, 25 Jun 2010 03:30:52 -0500
>>> Stan Hoeppner wrote:
>>>
Marc Shapiro put forth on 6/24/2010 9:47 AM:
> I am getting lines like:
> tcp 0 1 192.1
On 25.06.10 18:51, Tom Furie wrote:
> On Fri, Jun 25, 2010 at 08:55:32AM -0400, Celejar wrote:
>> On Fri, 25 Jun 2010 03:30:52 -0500
>> Stan Hoeppner wrote:
>>
>>> Marc Shapiro put forth on 6/24/2010 9:47 AM:
>>>
I am getting lines
like
On Fri, Jun 25, 2010 at 08:55:32AM -0400, Celejar wrote:
> On Fri, 25 Jun 2010 03:30:52 -0500
> Stan Hoeppner wrote:
>
> > Marc Shapiro put forth on 6/24/2010 9:47 AM:
> >
> > > I am getting lines
> > > like:
> > > tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_S
On Fri, 25 Jun 2010 03:30:52 -0500
Stan Hoeppner wrote:
> Marc Shapiro put forth on 6/24/2010 9:47 AM:
>
> > I am getting lines
> > like:
> > tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_SENT 9853/sshd
> > tcp 0 0 192.168.1.2:35055 59.120.163.
On Fri, Jun 25, 2010 at 03:30:52AM -0500, Stan Hoeppner wrote:
> It appears someone has cracked/pwn3d your Debian host. That's an _outbound_
> SSH connection. 59.120.163.53 is HINET network space in Taiwan.
>
There are a lot of distributed ssh attacks on our network for the past
week or two. J
Marc Shapiro put forth on 6/24/2010 9:47 AM:
> I am getting lines
> like:
> tcp 0 1 192.168.1.2:49526 59.120.141.34:22 SYN_SENT 9853/sshd
> tcp 0 0 192.168.1.2:35055 59.120.163.53:22 ESTABLISHED 9995/sshd
It appears someone has cracked/pw
Sorry, Hanspeter, for the extra posting to you directly.
- Original Message
> From: Hanspeter Spalinger
> Marc Shapiro wrote:
> I am running a Lenny box, with postgressq-8.4.
>
> I ran ps -e, just now, and there were over 350
> sshd processes running under user postgres. I kill
On 24.06.10 04:58, Marc Shapiro wrote:
> I am running a Lenny box, with postgressq-8.4.
>
> I ran ps -e, just now, and there were over 350 sshd processes running under
> user postgres. I killed the postgresql-8.4 process, but the sshd processes
Marc Shapiro put forth on 6/23/2010 9:58 PM:
> I am running a Lenny box, with postgressq-8.4.
>
> I ran ps -e, just now, and there were over 350 sshd processes running under
> user postgres. I killed the postgresql-8.4 process, but the sshd processes
> were still there, so I killed them. I the
I am running a Lenny box, with postgressq-8.4.
I ran ps -e, just now, and there were over 350 sshd processes running under
user postgres. I killed the postgresql-8.4 process, but the sshd processes
were still there, so I killed them. I then started postgres again, followed by
ssh. I immediat