Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Feb 2017 18:22:23 -0500
From:      Jon Radel <jon@radel.com>
To:        sixto areizaga <thenewcq@optimum.net>, freebsd-questions@freebsd.org
Subject:   Re: wireshark issue
Message-ID:  <c2dd4d2c-0e7c-42f0-9eef-2cb734421767@radel.com>
In-Reply-To: <20170209174405.5d551b88@newer.home>
References:  <CAKM9q91KKxtqXRTG84Szefww%2BR--S1A7wvgSx5LV3jNS90=4qw@mail.gmail.com> <20170209174405.5d551b88@newer.home>

next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format.

--------------ms060407000909030002060308
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2/9/17 5:44 PM, sixto areizaga wrote:
> Has anyone experienced something similar or have any info about the
> following using wireshark...
>=20
> =20
> I was working on a webpage [that isn't up yet] no outside connections
> established, I started apache [from computer #1], started wireshark
> [same node] and opened firefox [computer #2] and for the url I did a
> 192.168.etc.etc
>=20
> looking though packets transfered there was a transfer from outside my
> network - (the ip might be in China) - it used putty [with sshv2] to
> get a server/client key exchange.
>=20
> it looked like a mobile device running a script except using putty=20
>=20
> anyone have a similar problem?=20

Somebody already answered the first time you asked this question.  Why
ask again?

Yes, there are people out on the Internet who constantly scan ipv4
addresses for any number of interesting servers, and that most certainly
includes ssh servers.  This should be obvious if you have a machine that
allows for connections to port tcp/22 from the Internet at large--just
look at the log of failed connection attempts or fire up a copy of
wireshark.

If you don't like it, block the traffic using a firewall.  You can also
move your ssh server to a different port, which will reduce the noise
considerably and pretty predictably start an argument about "security by
obscurity is not really security."

Really, the only part of your question that *I* find remotely
interesting is how you determined that the client is actually a copy of
putty running on a mobile device, or at least looks like it is?


--=20
--Jon Radel
jon@radel.com


--------------ms060407000909030002060308
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
Cq8wggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggX4MIIE4KADAgECAhBzVOU8fWu0zQ1gaQ38zgEbMA0GCSqG
SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0EwHhcNMTUwMzMwMDAwMDAwWhcNMTgwMzI5MjM1OTU5WjCB+jELMAkGA1UEBhMCVVMx
DjAMBgNVBBETBTIyMTUwMQswCQYDVQQIEwJWQTEUMBIGA1UEBxMLU3ByaW5nZmllbGQxGjAY
BgNVBAkTETY5MTcgUmlkZ2V3YXkgRHIuMRUwEwYDVQQKEwxKb24gVC4gUmFkZWwxMjAwBgNV
BAsTKUlzc3VlZCB0aHJvdWdoIEpvbiBULiBSYWRlbCBFLVBLSSBNYW5hZ2VyMR8wHQYDVQQL
ExZDb3Jwb3JhdGUgU2VjdXJlIEVtYWlsMRIwEAYDVQQDEwlKb24gUmFkZWwxHDAaBgkqhkiG
9w0BCQEWDWpvbkByYWRlbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe
1Rth9hbQqaODn++C5dVAQH9nM2VH3oPazZufOwmIG2SXI/v3PuemcQQ3JkhmpQ06gYszyXbk
TCLsqvEfalYj81jdt/K5lT4aVdj0LfJIWyTcU95V2rsCuHsSvn/PnIcsEtXg53rCtqS4EOtJ
9u3rY2hP8YCiyz1yY3mn4nKJs93MHG4AkXYuVpzfaIADETcVrA+razvXEfnDJXXDZZ9ZuuV1
06yIovOvhYWSlaVu8nrSHJjXFZI2IXwgIeVBoMih3yu6LLj14I/YdZ0rIA8K+UNB+NW6Ri3u
wHXBbr4jh3ZqkrqIVUrf1VeybhdrJcdqXdMNHjKDSlCoaxYRbLy1AgMBAAGjggHVMIIB0TAf
BgNVHSMEGDAWgBSSYWuC4aKgqk/sZ/HCo/e0gADB7DAdBgNVHQ4EFgQUz9YB10WEfBNHskRw
o/0vh8qaQuwwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
BQUHAwQGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMFMCswKQYIKwYBBQUH
AgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0
dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9u
YW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxo
dHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlv
bmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9j
YS5jb20wGAYDVR0RBBEwD4ENam9uQHJhZGVsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAS1Pe
+gBgP+SQ/a5I5e7zX0Rg0DhH378LHlZixJgS6LfCPL2edKMUQi3Th9GXfLjdeyeWuMWoz925
ZzBHcPwkBeH+iM/AEhu0Dhi0kop/p66g9tEPJUZ/KDsqxddNDrD0Typn3/33pHTjJEDqydzA
gwB0Nn8blpMbqSwT+j8wuPakfLsj1cSDzXrTLLsmIQB7auAyaYXdWyW8Yqw336rLUCvjOUfn
qOOyjVsieTw/0PLoOHJaGyez+VtV4eyi6p1SNiX32A+fvxBMzKQLCokE43cXItc9Okzq//f2
fuvGp17r8mpm4OjjM5E2kwsg9bBPUBMR4/sxosKVLn0o9rxlozGCBEEwggQ9AgEBMIGwMIGb
MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT
YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNI
QS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEHNU5Tx9
a7TNDWBpDfzOARswDQYJYIZIAWUDBAIBBQCgggJhMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTE3MDIwOTIzMjIyM1owLwYJKoZIhvcNAQkEMSIEIEL3MQwZ
+dQMx2OVQgfuI+oYi+55ufqJKLghS4dR89KXMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD
BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgcEGCSsGAQQBgjcQBDGBszCBsDCBmzEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs
Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEt
MjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBzVOU8fWu0
zQ1gaQ38zgEbMIHDBgsqhkiG9w0BCRACCzGBs6CBsDCBmzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
T0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBzVOU8fWu0zQ1gaQ38zgEbMA0GCSqGSIb3
DQEBAQUABIIBAAO3Rs1m25Vz06e7U+OHKzeaFQ2+ME1D0wAJoeO8W8vjQGhG21alGFdJxrIR
5Zd11nTDn2XwsLb3enOOysgcbgKeGVWLSNoSKrP4Q3+pnMUeUya81xFKt7pQHnWORBCKffkq
rEUuQzUkEckwjx/nlqJW2fg41305eeRG4rz22YI3oOgphKi0xLyCFXsZ9ECcZCzj3UOOzlCx
mLVr1NxfesW8PuOKn6GOhWJ7YkJSoNBzS48rbkclJJFk8FgXEXlytK1zeIdqkisDxg4w+TRY
QAHKDmSQPPSP98JSSJD/FwPeTcKzF8KZeo6weLKDRYmUURDrH4jw0Qu9oq6NSbdUd3sAAAAA
AAA=
--------------ms060407000909030002060308--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c2dd4d2c-0e7c-42f0-9eef-2cb734421767>