Date:      Wed, 21 Mar 2007 15:03:51 +0200
From:      Tadas Miniotas <tadas@bofh.lt>
To:        freebsd-security@freebsd.org
Subject:   Re: Reality check: IPFW sees SSH traffic that sshd does not?
Message-ID:  <46012D37.5060603@bofh.lt>
In-Reply-To: <20070321123033.GD31533@bunrab.catwhisker.org>
References:  <20070321123033.GD31533@bunrab.catwhisker.org>

David Wolfskill wrote:
> <...>
> This morning (in reviewing the logs from yesterday), I found a set of
> 580 such setup requests logged from Mar 20 19:30:06 - Mar 20 19:40:06
> (US/Pacific; currently 7 hrs. west of GMT/UTC), each from 204.11.235.148
> (part of a VAULT-NETWORKS netblock).  The sshd on the internal machine
> never logged anything corresponding to any of this.

Might be a SYN scan. I believe SSH will not log anything if a three-way
handshake has not been completed.

Of course, it would help if you provided ipfw logs to determine exactly
what kind of packets it was.

-- 
Tadas Miniotas
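
One way to do the cross-check discussed above, as an added example that is not part of the original message: list sources whose SSH setup packets were logged by ipfw while sshd logged nothing about them. The log lines are constructed, and the ipfw and sshd line formats, host names, rule number and addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). Assumed formats: ipfw's
# kernel log line for a logging "setup" rule, and an sshd auth log line.
IPFW_LOG = """\
Mar 20 19:30:06 gw kernel: ipfw: 10000 Accept TCP 203.0.113.7:40112 192.0.2.10:22 in via em0
Mar 20 19:30:07 gw kernel: ipfw: 10000 Accept TCP 203.0.113.7:40113 192.0.2.10:22 in via em0
Mar 20 19:30:08 gw kernel: ipfw: 10000 Accept TCP 203.0.113.7:40114 192.0.2.10:22 in via em0
Mar 20 19:31:15 gw kernel: ipfw: 10000 Accept TCP 198.51.100.23:51820 192.0.2.10:22 in via em0
"""
SSHD_LOG = """\
Mar 20 19:31:16 inside sshd[4121]: Did not receive identification string from 198.51.100.23
"""

# Source address of an inbound TCP packet to port 22 in an ipfw log line.
IPFW_RE = re.compile(r"ipfw: \d+ \w+ TCP (\d+\.\d+\.\d+\.\d+):\d+ \S+:22 in ")
# Any sshd message that names a peer address after the word "from".
SSHD_RE = re.compile(r"sshd\[\d+\]: .*?\bfrom (\d+\.\d+\.\d+\.\d+)")

def setup_counts(ipfw_text):
    """Count logged SSH setup packets per source address."""
    return Counter(m.group(1) for m in IPFW_RE.finditer(ipfw_text))

def sshd_sources(sshd_text):
    """Source addresses that sshd logged anything about."""
    return {m.group(1) for m in SSHD_RE.finditer(sshd_text)}

def unseen_by_sshd(ipfw_text, sshd_text):
    """Sources with firewall setup hits but no sshd log entry at all."""
    seen = sshd_sources(sshd_text)
    return {ip: n for ip, n in setup_counts(ipfw_text).items() if ip not in seen}

if __name__ == "__main__":
    for ip, n in sorted(unseen_by_sshd(IPFW_LOG, SSHD_LOG).items()):
        print(f"{ip}: {n} setup packets at the firewall, nothing in sshd's log")
```

A source listed here matches the pattern described in the thread, but the firewall log alone does not show whether any handshake completed; that needs the packet-level detail the reply asks for.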
