From owner-freebsd-questions@freebsd.org Fri Feb 10 00:22:35 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 15F6ECD7560 for ; Fri, 10 Feb 2017 00:22:35 +0000 (UTC) (envelope-from jon@radel.com) Received: from radel.com (fly.radel.com [70.184.242.170]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.radel.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B959511BA for ; Fri, 10 Feb 2017 00:22:33 +0000 (UTC) (envelope-from jon@radel.com) X-CGP-ClamAV-Result: CLEAN X-VirusScanner: Niversoft's CGPClamav Helper v1.19.2 (ClamAV engine v0.99.2) X-ExtFilter: Niversoft's DomainKeys Helper DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; d=radel.com; s=20170108.radel; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type; b=MzveOhAzZsSuYyuMk/QdQ+V2j0W1Nv4eAbBiLlOcPha7hlTtct8TSvPO6jmilsaeWt 0MvJqztV2sntVEmKtVOpb91jBsUuQSuiP1a6/Ma257Yh/qxy72QvBbO3d+GWOV0Kd++f cCjzycZnKvyiTcjz6w8MVTsKM0Uy4EIkdUVKcoyWzLiP9lBNV/JiIliea7dNHNNiBUiV j4lyUZnuD1vdvnp+31TcJbYtunCSkNeUk7oHitI7ZjSdnTOeMlgxLvGrGaPYLs3lQYYv 7V5g/JY3TN0fCo4Ft5V7tKcWjMsK6bnwtidW6Aowj/u8mDDOFoQSlj59yYM4K2fGVEWo 05vw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=radel.com; s=20170108.radel; t=1486682543; x=1487287343; q=dns/txt; h=Subject:To:References:From:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:Content-Type; bh=NXUjM7xINwH HsemzzgZV6zkYJeFbZ5dYfwOboGzJKw0=; b=0hgOSzJsYYWZYKrsNvjgssqlxpb HpKcWIlCQK5n2vmqaGTzmTYgUGm0eBFwA5XZEO5nBF+BuYaF9Fw+ZVCz2i4Q9eJo 8CSXSLPGCtdYo/pyvL0oTw78NO7CswFvzKotbivapsxRJq6vQ1ieRa4nNKtRsrXP PZP25qU85TtqD5dHs9agZHf3caqQ19Ae2WPu9j+GJvpMhz5S6a/oPOgQBE3MLArm MuINofIhGS8FdpvkEDREBjyhxXCq8Ehk2Y6TlD30GwFX0L8LcVcMpPS85BtL5Axd iawWyvSnqHe7GaC3N3WpyoHTEo8SQP4z4CUgxBHdvdVtaMuZ2hNdNx9JcoA== Received: from [2001:470:880a:4389:e841:9925:27ed:8526] (account jon@radel.com HELO gravenstein.local) by radel.com (CommuniGate Pro SMTP 6.1.14 _community_) with ESMTPSA id 1256330; Thu, 09 Feb 2017 23:22:23 +0000 Subject: Re: wireshark issue To: sixto areizaga , freebsd-questions@freebsd.org References: <20170209174405.5d551b88@newer.home> From: Jon Radel Message-ID: Date: Thu, 9 Feb 2017 18:22:23 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: <20170209174405.5d551b88@newer.home> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms060407000909030002060308" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2017 00:22:35 -0000 This is a cryptographically signed message in MIME format. --------------ms060407000909030002060308 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2/9/17 5:44 PM, sixto areizaga wrote: > Has anyone experienced something similar or have any info about the > following using wireshark... >=20 > =20 > I was working on a webpage [that isn't up yet] no outside connections > established, I started apache [from computer #1], started wireshark > [same node] and opened firefox [computer #2] and for the url I did a > 192.168.etc.etc >=20 > looking though packets transfered there was a transfer from outside my > network - (the ip might be in China) - it used putty [with sshv2] to > get a server/client key exchange. >=20 > it looked like a mobile device running a script except using putty=20 >=20 > anyone have a similar problem?=20 Somebody already answered the first time you asked this question. Why ask again? Yes, there are people out on the Internet who constantly scan ipv4 addresses for any number of interesting servers, and that most certainly includes ssh servers. This should be obvious if you have a machine that allows for connections to port tcp/22 from the Internet at large--just look at the log of failed connection attempts or fire up a copy of wireshark. If you don't like it, block the traffic using a firewall. You can also move your ssh server to a different port, which will reduce the noise considerably and pretty predictably start an argument about "security by obscurity is not really security." Really, the only part of your question that *I* find remotely interesting is how you determined that the client is actually a copy of putty running on a mobile device, or at least looks like it is? --=20 --Jon Radel jon@radel.com --------------ms060407000909030002060308 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC Cq8wggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4 dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak +FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC 4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb 4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ 26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT 9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl tukWeh95FPZKEBom+nyK+5swggX4MIIE4KADAgECAhBzVOU8fWu0zQ1gaQ38zgEbMA0GCSqG SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0EwHhcNMTUwMzMwMDAwMDAwWhcNMTgwMzI5MjM1OTU5WjCB+jELMAkGA1UEBhMCVVMx DjAMBgNVBBETBTIyMTUwMQswCQYDVQQIEwJWQTEUMBIGA1UEBxMLU3ByaW5nZmllbGQxGjAY BgNVBAkTETY5MTcgUmlkZ2V3YXkgRHIuMRUwEwYDVQQKEwxKb24gVC4gUmFkZWwxMjAwBgNV BAsTKUlzc3VlZCB0aHJvdWdoIEpvbiBULiBSYWRlbCBFLVBLSSBNYW5hZ2VyMR8wHQYDVQQL ExZDb3Jwb3JhdGUgU2VjdXJlIEVtYWlsMRIwEAYDVQQDEwlKb24gUmFkZWwxHDAaBgkqhkiG 9w0BCQEWDWpvbkByYWRlbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe 1Rth9hbQqaODn++C5dVAQH9nM2VH3oPazZufOwmIG2SXI/v3PuemcQQ3JkhmpQ06gYszyXbk TCLsqvEfalYj81jdt/K5lT4aVdj0LfJIWyTcU95V2rsCuHsSvn/PnIcsEtXg53rCtqS4EOtJ 9u3rY2hP8YCiyz1yY3mn4nKJs93MHG4AkXYuVpzfaIADETcVrA+razvXEfnDJXXDZZ9ZuuV1 06yIovOvhYWSlaVu8nrSHJjXFZI2IXwgIeVBoMih3yu6LLj14I/YdZ0rIA8K+UNB+NW6Ri3u wHXBbr4jh3ZqkrqIVUrf1VeybhdrJcdqXdMNHjKDSlCoaxYRbLy1AgMBAAGjggHVMIIB0TAf BgNVHSMEGDAWgBSSYWuC4aKgqk/sZ/HCo/e0gADB7DAdBgNVHQ4EFgQUz9YB10WEfBNHskRw o/0vh8qaQuwwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB BQUHAwQGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMFMCswKQYIKwYBBQUH AgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0 dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9u YW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxo dHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlv bmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9j YS5jb20wGAYDVR0RBBEwD4ENam9uQHJhZGVsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAS1Pe +gBgP+SQ/a5I5e7zX0Rg0DhH378LHlZixJgS6LfCPL2edKMUQi3Th9GXfLjdeyeWuMWoz925 ZzBHcPwkBeH+iM/AEhu0Dhi0kop/p66g9tEPJUZ/KDsqxddNDrD0Typn3/33pHTjJEDqydzA gwB0Nn8blpMbqSwT+j8wuPakfLsj1cSDzXrTLLsmIQB7auAyaYXdWyW8Yqw336rLUCvjOUfn qOOyjVsieTw/0PLoOHJaGyez+VtV4eyi6p1SNiX32A+fvxBMzKQLCokE43cXItc9Okzq//f2 fuvGp17r8mpm4OjjM5E2kwsg9bBPUBMR4/sxosKVLn0o9rxlozGCBEEwggQ9AgEBMIGwMIGb MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNI QS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEHNU5Tx9 a7TNDWBpDfzOARswDQYJYIZIAWUDBAIBBQCgggJhMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE3MDIwOTIzMjIyM1owLwYJKoZIhvcNAQkEMSIEIEL3MQwZ +dQMx2OVQgfuI+oYi+55ufqJKLghS4dR89KXMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgcEGCSsGAQQBgjcQBDGBszCBsDCBmzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEt MjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBzVOU8fWu0 zQ1gaQ38zgEbMIHDBgsqhkiG9w0BCRACCzGBs6CBsDCBmzELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50 aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBzVOU8fWu0zQ1gaQ38zgEbMA0GCSqGSIb3 DQEBAQUABIIBAAO3Rs1m25Vz06e7U+OHKzeaFQ2+ME1D0wAJoeO8W8vjQGhG21alGFdJxrIR 5Zd11nTDn2XwsLb3enOOysgcbgKeGVWLSNoSKrP4Q3+pnMUeUya81xFKt7pQHnWORBCKffkq rEUuQzUkEckwjx/nlqJW2fg41305eeRG4rz22YI3oOgphKi0xLyCFXsZ9ECcZCzj3UOOzlCx mLVr1NxfesW8PuOKn6GOhWJ7YkJSoNBzS48rbkclJJFk8FgXEXlytK1zeIdqkisDxg4w+TRY QAHKDmSQPPSP98JSSJD/FwPeTcKzF8KZeo6weLKDRYmUURDrH4jw0Qu9oq6NSbdUd3sAAAAA AAA= --------------ms060407000909030002060308--