Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 25 Jul 2001 10:33:01 +0800
From:      "jett" <tayerv@team.ph.inter.net>
To:        "freebsd-bugs" <freebsd-bugs@freebsd.org>
Subject:   broken into via ssh?
Message-ID:  <013401c114b2$20c37860$4b443dca@jett>
next in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
im running freebsd 3.5-stable 
when i did netstat -an | grep LISTEN

here's the result

bash-2.04$ netstat -an | grep LISTEN
tcp        0      0 *.80                  *.*                   LISTEN
tcp        0      0 *.443                 *.*                   LISTEN
tcp        0      0 *.31341               *.*                   LISTEN
tcp        0      0 *.22                  *.*                   LISTEN

noticed the 31341 port that is listening
then i did 

bash-2.04$ telnet localhost 31341
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.5-1.2.27

then on port 22
bash-2.04$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.5-OpenSSH_2.9p2

i was surprised that i was running two different versions of ssh. was my server broken into?



[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4134.600" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>im running freebsd 3.5-stable </FONT></DIV>
<DIV><FONT face=Arial size=2>when i did netstat -an | grep LISTEN</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>here's the result</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>bash-</FONT><FONT face=Arial size=2>2.04$ netstat 
-an | grep LISTEN<BR>tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 
*.80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
*.*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
LISTEN<BR>tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 
*.443&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
*.*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
LISTEN<BR>tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 
*.31341&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
*.*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
LISTEN<BR>tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 
*.22&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
*.*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
LISTEN<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>noticed the 31341 port that is 
listening</FONT></DIV>
<DIV><FONT face=Arial size=2>then i did </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>bash-2.04$ telnet localhost 31341<BR>Trying 
127.0.0.1...<BR>Connected to localhost.<BR>Escape character is 
'^]'.<BR>SSH-1.5-1.2.27<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>then on port 22</FONT></DIV>
<DIV><FONT face=Arial size=2>bash-2.04$ telnet localhost 22<BR>Trying 
127.0.0.1...<BR>Connected to localhost.<BR>Escape character is 
'^]'.<BR>SSH-1.5-OpenSSH_2.9p2<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>i was surprised that i was running two different 
versions of ssh. was my server broken into?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>&nbsp;</DIV></FONT></BODY></HTML>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?013401c114b2$20c37860$4b443dca>