From: Doug Lee
To: freebsd-questions@freebsd.org
Date: Wed, 15 Mar 2006 21:15:51 -0500
Message-id: <20060316021551.GH92380@kirk.dlee.org>
Organization: SSB + BART Group
Subject: Constant ssh errors - sign of security issue?

I run two FreeBSD 4.10 systems and access them via ssh2 from a Windows XP machine running Cygwin ssh, connecting via EVDO link. I get a whole lot of three things:

1. Spontaneous "read from remote host ... terminated; connection reset by peer." Mind, this is normal on an actual connection failure (timeout), but this one can happen while I'm actively typing something through the connection, and with no other evidence that my Internet connection (at either end) is failing.

2. On reconnect attempt, a message saying the connection was immediately closed by the remote (FreeBSD) side.

3. Less often and frequently on my next connection attempt after #2, a "software connection abort" message.

The normal sequences are (4 being successful relink) 1-4, 1-2-4, and 1-2-3-4. I think 1-2-4 and 1-4 are about equally common and 1-2-3-4 is comparatively rare.

Being unfamiliar with how all of these can happen while my actual Internet connection (and other TCP connections for example) seems fine, I am wondering if any of this could represent a security issue--packet snooping/redirection/"man-in-the-middle" attacks, etc.

Thanks in advance for any input. Please Cc me.

--
Doug Lee dgl@dlee.org
SSB + BART Group doug@bartsite.com http://www.bartsite.com
"Believe, when you are most unhappy, that there is something for you to do in the world. So long as you can sweeten another's pain, life is not in vain." --Helen Keller