Date: Thu, 9 Feb 2017 21:40:22 +0100
From: Polytropon <freebsd@edvax.de>
To: sixto areizaga <thenewcq@optimum.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: wireshark issue
Message-ID: <20170209214022.472b0673.freebsd@edvax.de>
In-Reply-To: <20170209143258.3e560e02@newer.home>
References: <CAKM9q91KKxtqXRTG84Szefww%2BR--S1A7wvgSx5LV3jNS90=4qw@mail.gmail.com> <20170209143258.3e560e02@newer.home>

On Thu, 9 Feb 2017 14:32:58 -0500, sixto areizaga wrote:
> I was working on a webpage [that isn't up yet] no outside connections
> established, I started apache [from computer #1], started wireshark
> [same node] and opened firefox [computer #2] and for the url I did a
> 192.168.etc.etc
>
> looking through packets transferred there was a transfer from outside my network - (the
> ip might be in China) - it used putty [with sshv2] to get a
> server/client key exchange.

When you listen on a specific interface, Wireshark will display
all traffic for that interface (unless you apply a filter). So
you're observing _two_ things at the same time which probably
aren't related: First is the web site you're testing inside
the LAN, second is an incoming SSH connection attempt from
exterior.

For testing your web site, temporarily add a filter for the
traffic in your LAN.

Then, as a "second project", check the SSH thing. It probably
is just an automated search for unsecured SSH accounts, performed
by botnets.

> it looked like a mobile device running a script except using putty

That is quite possible. It could be a member of a mobile botnet
(which seem to become more common, even though the preferred kind
of botnet is still a fleet of office PCs running "Windows").

> anyone have a similar problem?

No. Should I? ;-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
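
The separation suggested in the reply above, sketched as an added example (not part of the original message or written by either poster): it splits one capture into the LAN web test and the inbound SSH attempts, and builds the matching Wireshark display filters. The LAN prefix 192.168.0.0/16, the port numbers and all sample addresses are assumptions; the packet summaries are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: the LAN is 192.168.0.0/16 (the post only says "192.168.etc.etc").
LAN = ipaddress.ip_network("192.168.0.0/16")

# Wireshark display filters that correspond to the two views computed below.
LAN_WEB_FILTER = f"ip.src == {LAN} && ip.dst == {LAN} && tcp.port == 80"
EXTERNAL_SSH_FILTER = f"tcp.dstport == 22 && !(ip.src == {LAN})"

# Constructed packet summaries: (src, src_port, dst, dst_port).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE = [
    ("192.168.1.20", 51514, "192.168.1.10", 80),   # browser -> Apache
    ("192.168.1.10", 80, "192.168.1.20", 51514),   # Apache -> browser
    ("203.0.113.45", 40022, "192.168.1.10", 22),   # outside -> sshd
    ("203.0.113.45", 40023, "192.168.1.10", 22),
    ("198.51.100.7", 33001, "192.168.1.10", 22),
    ("192.168.1.10", 22, "203.0.113.45", 40022),   # sshd reply, leaves the LAN
    ("192.168.1.20", 5353, "224.0.0.251", 5353),   # multicast noise
]

def classify(pkt):
    """Label a packet the same way the two display filters would select it."""
    src, sport, dst, dport = pkt
    src_in = ipaddress.ip_address(src) in LAN
    dst_in = ipaddress.ip_address(dst) in LAN
    if src_in and dst_in and 80 in (sport, dport):
        return "lan-web"        # the web site test inside the LAN
    if not src_in and dst_in and dport == 22:
        return "external-ssh"   # unrelated inbound SSH attempt
    return "other"

def split(packets):
    """Count packets per label."""
    return Counter(classify(p) for p in packets)

def ssh_sources(packets):
    """Count inbound SSH packets per external source address."""
    return Counter(p[0] for p in packets if classify(p) == "external-ssh")

if __name__ == "__main__":
    print(LAN_WEB_FILTER)
    print(EXTERNAL_SSH_FILTER)
    print(dict(split(SAMPLE)))
    print(dict(ssh_sources(SAMPLE)))
```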