Date:      Wed, 1 Jul 2015 00:03:54 -0400
From:      el kalin <kalin@el.net>
To:        freebsd-security@freebsd.org
Subject:   ssh in netstat
Message-ID:  <CAMJXockbayTOj51aVOuKyo-x7-wg8=zSUXm6K%2Bw8YkgdguBeHw@mail.gmail.com>


hi all…  looking at output from netstat i see this:

tcp4       0      0  server.name..ssh   218.17.160.22.9225     ESTABLISHED
tcp4       0      0  server.name..http  baiduspider-220-.18248 FIN_WAIT_2
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51418 ESTABLISHED
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51326 ESTABLISHED
tcp4       0     48  server.name..ssh   cpe-74-73-236-43.51160 ESTABLISHED


 cpe-74-73-236-43 is me.  218.17.160.22 is some number that appears to
be in china.

this is from who:

myuser         p0       cpe-74-73-236-43  5:34PM     - traceroute 218.17.160.22
myuser         p1       cpe-74-73-236-43  5:50PM     - w
myuser         p2       cpe-74-73-236-43  5:57PM  3:36 -sh (sh)

how is it that  218.17.160.22 has an established ssh connection and i can't
see it with who? how can i figure out what user is that? there is not
supposed to be anybody logging in over ssh from china to this machine...

thanks…
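
Added example (not part of the original message): who lists only logins that sshd has recorded with a terminal after authentication, while netstat shows a connection to sshd as ESTABLISHED as soon as the TCP handshake completes. This Python script uses the output quoted in the message as sample input, with hypothetical function names, to list the ssh peers that have no matching login entry.

```python
# Sample input: the netstat and who lines quoted in the message above.
NETSTAT = """\
tcp4       0      0  server.name..ssh   218.17.160.22.9225     ESTABLISHED
tcp4       0      0  server.name..http  baiduspider-220-.18248 FIN_WAIT_2
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51418 ESTABLISHED
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51326 ESTABLISHED
tcp4       0     48  server.name..ssh   cpe-74-73-236-43.51160 ESTABLISHED
"""
WHO = """\
myuser         p0       cpe-74-73-236-43  5:34PM     - traceroute 218.17.160.22
myuser         p1       cpe-74-73-236-43  5:50PM     - w
myuser         p2       cpe-74-73-236-43  5:57PM  3:36 -sh (sh)
"""

SSH_SERVICE = {"ssh", "22"}  # netstat prints the name, netstat -n the number


def ssh_peers(netstat_text):
    """Return (host, port) for every ESTABLISHED connection to the local ssh port."""
    peers = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        # BSD netstat writes address.port; the port is the text after the last dot.
        if f[3].rpartition(".")[2] not in SSH_SERVICE:
            continue
        host, _, port = f[4].rpartition(".")
        peers.append((host, port))
    return peers


def login_hosts(who_text):
    """Return the set of remote hosts (third column) that have a login entry."""
    return {f[2] for f in (l.split() for l in who_text.splitlines()) if len(f) >= 3}


def same_host(a, b):
    # Both tools truncate long hostnames, so accept a prefix match either way.
    return a.startswith(b) or b.startswith(a)


def peers_without_login(netstat_text, who_text):
    """ssh peers that netstat shows but that have no entry in who."""
    hosts = login_hosts(who_text)
    return [p for p in ssh_peers(netstat_text)
            if not any(same_host(p[0], h) for h in hosts)]


if __name__ == "__main__":
    for host, port in peers_without_login(NETSTAT, WHO):
        print(f"ssh connection without a login entry: {host} port {port}")
```

A peer in this list has not necessarily logged in; sshd's entries in /var/log/auth.log show whether that address ever authenticated.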


