Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Jul 2015 00:10:29 -0400
From:      el kalin <kalin@el.net>
To:        freebsd-security@freebsd.org
Subject:   Re: ssh in netstat
Message-ID:  <CAMJXocn%2Bjy8t_5iJYb%2BN0P7kpPNTKS7E_6EyqO_ghmL1kOyq0g@mail.gmail.com>
In-Reply-To: <CAMJXockbayTOj51aVOuKyo-x7-wg8=zSUXm6K%2Bw8YkgdguBeHw@mail.gmail.com>
References:  <CAMJXockbayTOj51aVOuKyo-x7-wg8=zSUXm6K%2Bw8YkgdguBeHw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
nevermind=E2=80=A6.   i got it=E2=80=A6.

thanks anyway=E2=80=A6

On Wed, Jul 1, 2015 at 12:03 AM, el kalin <kalin@el.net> wrote:

>
> hi all=E2=80=A6  looking at output from netstat i see this:
>
> tcp4       0      0  server.name..ssh   218.17.160.22.9225     ESTABLISHE=
D
> tcp4       0      0  server.name..http  baiduspider-220-.18248 FIN_WAIT_2
> tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51418 ESTABLISHE=
D
> tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51326 ESTABLISHE=
D
> tcp4       0     48  server.name..ssh   cpe-74-73-236-43.51160 ESTABLISHE=
D
>
>
>  cpe-74-73-236-43 is me.  218.17.160.22 is some number in that appears to
> be in china.
>
> this is from who:
>
> myuser         p0       cpe-74-73-236-43  5:34PM     - traceroute
> 218.17.160.22
> myuser         p1       cpe-74-73-236-43  5:50PM     - w
> myuser         p2       cpe-74-73-236-43  5:57PM  3:36 -sh (sh)
>
> how is it that  218.17.160.22 has an established ssh connection and i
> can't see it with who? how can i figure out what user is that? there is n=
ot
> supposed be anybody logging ssh form china to this machine...
>
> thanks=E2=80=A6
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMJXocn%2Bjy8t_5iJYb%2BN0P7kpPNTKS7E_6EyqO_ghmL1kOyq0g>