Date: Thu, 1 Oct 2009 20:50:23 -0400
From: Garrett Wollman <wollman@bimajority.org>
To: johnea <me@johnea.net>
Cc: freebsd-security@freebsd.org
Subject: openssh concerns
Message-ID: <19141.20047.694147.865710@hergotha.csail.mit.edu>
In-Reply-To: <4AC545C3.9020608@johnea.net>
References: <4AC545C3.9020608@johnea.net>

<<On Thu, 01 Oct 2009 17:13:55 -0700, johnea <me@johnea.net> said:

> The thing that concerned me is an entry I saw in netstat showing
> my system connecting back to a machine that was attempting to log
> in to ssh.

> Does the ssh server establish a socket to a client attempting login?

The SSH protocol does not, but you appear to be using "TCP wrappers"
(/etc/hosts.allow) configured in such a way that it makes an IDENT
protocol request back to the originating server. This is rarely
likely to do anything useful and should probably be disabled.

> tcp4 0 0 atom.60448 host154.advance.com.ar.auth TIME_WAIT

"auth" is the port number used by the IDENT protocol.

-GAWollman

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19141.20047.694147.865710>
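
An added example, not part of the original message or of any FreeBSD tool: a Python check that flags /etc/hosts.allow rules using the three features that make TCP wrappers look up the client user name over IDENT (a user@host client pattern, the rfc931 option, or %u expansion in a command). The rules in SAMPLE are constructed, and the function names are this example's own.

```python
import re

# Constructed sample rules in hosts.allow (hosts_options) syntax.
SAMPLE = """\
# constructed example rules
sshd : ALL@ALL : allow
sendmail : ALL : allow
ftpd : 192.0.2.0/255.255.255.0 : rfc931 10 : allow
fingerd : ALL \\
    : spawn (echo %u@%h | mail root) & : deny
sshd : [2001:db8::]/32 : allow
"""

def logical_lines(text):
    """Yield (first_line_no, rule), joining backslash-newline continuations."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        if start is None:
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # blank line or comment
            start = no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None

def split_fields(rule):
    """Split on ':' unless it is backslash-escaped or inside [IPv6] brackets."""
    return [f.strip() for f in re.split(r"(?<!\\):(?![^\[\]]*\])", rule)]

def ident_triggers(text):
    """Return (line_no, daemons, reason) for each rule feature that causes a lookup."""
    hits = []
    for no, rule in logical_lines(text):
        fields = split_fields(rule)
        if len(fields) < 2:
            continue
        daemons, clients, options = fields[0], fields[1], fields[2:]
        # user@host patterns need the remote user name; "@netgroup" does not.
        if any(p.find("@") > 0 for p in re.split(r"[\s,]+", clients)):
            hits.append((no, daemons, "user@host client pattern"))
        for opt in options:
            if opt.split()[:1] == ["rfc931"]:
                hits.append((no, daemons, "rfc931 option"))
            elif "%u" in opt.replace("%%", ""):
                hits.append((no, daemons, "%u expansion"))
    return hits

if __name__ == "__main__":
    for hit in ident_triggers(SAMPLE):
        print("line %d: %s: %s" % hit)
```

Rules are evaluated first-match, so a flagged rule only causes lookups for connections that reach it; a clean result means the file itself requests none.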