Date:      Thu, 9 Feb 2017 18:22:23 -0500
From:      Jon Radel <jon@radel.com>
To:        sixto areizaga <thenewcq@optimum.net>, freebsd-questions@freebsd.org
Subject:   Re: wireshark issue
Message-ID:  <c2dd4d2c-0e7c-42f0-9eef-2cb734421767@radel.com>
In-Reply-To: <20170209174405.5d551b88@newer.home>
References:  <CAKM9q91KKxtqXRTG84Szefww%2BR--S1A7wvgSx5LV3jNS90=4qw@mail.gmail.com> <20170209174405.5d551b88@newer.home>

On 2/9/17 5:44 PM, sixto areizaga wrote:
> Has anyone experienced something similar or have any info about the
> following using wireshark...
> 
> I was working on a webpage [that isn't up yet], no outside connections
> established. I started apache [from computer #1], started wireshark
> [same node] and opened firefox [computer #2], and for the url I did a
> 192.168.etc.etc
> 
> Looking through packets transferred there was a transfer from outside my
> network - (the ip might be in China) - it used putty [with sshv2] to
> get a server/client key exchange.
> 
> It looked like a mobile device running a script except using putty.
> 
> Anyone have a similar problem?

Somebody already answered the first time you asked this question.  Why
ask again?

Yes, there are people out on the Internet who constantly scan ipv4
addresses for any number of interesting servers, and that most certainly
includes ssh servers.  This should be obvious if you have a machine that
allows for connections to port tcp/22 from the Internet at large--just
look at the log of failed connection attempts or fire up a copy of
wireshark.

If you don't like it, block the traffic using a firewall.  You can also
move your ssh server to a different port, which will reduce the noise
considerably and pretty predictably start an argument about "security by
obscurity is not really security."

Really, the only part of your question that *I* find remotely
interesting is how you determined that the client is actually a copy of
putty running on a mobile device, or at least looks like it is?


-- 
--Jon Radel
jon@radel.com
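The reply above points at two things a defender can act on: the sshd log of failed connection attempts shows the scanning, and a firewall can block it. Below is an added example (not part of the thread, and not code from either poster) that parses sshd log lines in the syslog format FreeBSD writes to /var/log/auth.log, counts authentication failures and pre-auth disconnects per source address, and emits a pf table fragment for the noisiest sources. The log lines are constructed for the example; the addresses are documentation ranges, not real scanners.

```python
import re
from collections import Counter

# Constructed sample of sshd lines as they appear in /var/log/auth.log on
# FreeBSD (hostname, pid and addresses are made up for this example).
SAMPLE_LOG = """\
Feb  9 17:40:01 newer sshd[2231]: Invalid user admin from 203.0.113.45 port 51022
Feb  9 17:40:03 newer sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Feb  9 17:40:05 newer sshd[2234]: Failed password for root from 203.0.113.45 port 51030 ssh2
Feb  9 17:41:10 newer sshd[2240]: Accepted publickey for sixto from 192.168.1.20 port 40112 ssh2
Feb  9 17:42:17 newer sshd[2245]: Connection closed by 198.51.100.7 port 33004 [preauth]
Feb  9 17:42:19 newer sshd[2246]: Failed password for root from 198.51.100.7 port 33010 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# One failed authentication attempt. "Invalid user" lines are deliberately not
# matched: sshd follows them with a "Failed password for invalid user" line for
# the same attempt, and counting both would double-count.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .*? from " + IPV4)
# A client that connected and went away before authenticating at all; this is
# what a scanner that only grabs the banner or key exchange looks like.
PREAUTH_RE = re.compile(r"sshd\[\d+\]: Connection closed by " + IPV4 + r" port \d+ \[preauth\]")


def count_failures(log_text, include_preauth=True):
    """Return a Counter of failure events keyed by source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m is None and include_preauth:
            m = PREAUTH_RE.search(line)
        if m is not None:
            counts[m.group(1)] += 1
    return counts


def is_private(ip):
    """True for RFC 1918 addresses, so LAN hosts are never put in the block table."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def noisy_sources(counts, threshold):
    """Non-private sources with at least `threshold` failure events, noisiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold and not is_private(ip)]


def pf_table(counts, threshold, table="sshbrute"):
    """Render a pf.conf table definition for the noisy sources (assumed table name)."""
    ips = noisy_sources(counts, threshold)
    return "table <%s> persist { %s }" % (table, " ".join(ips))


if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG)
    for ip, n in failures.most_common():
        print("%-16s %d" % (ip, n))
    print(pf_table(failures, threshold=2))
    # The rendered table is used with a rule such as
    #   block in quick on $ext_if proto tcp from <sshbrute> to any port 22
    # in pf.conf; adjust interface and table name to your own setup.
```

Counting pre-auth disconnects separately from password failures matters here: a client that only completes the key exchange, as the original poster described, never produces a "Failed password" line, so a threshold on password failures alone would miss it.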
