Security Incidents mailing list archives
Re: ssh wierdness
From: markus () OPENBSD ORG (Markus Friedl)
Date: Mon, 28 Feb 2000 14:20:51 +0100
are you sure that you are not using an old lsof binary? does fstat give the 'correct' information? On Sat, Feb 26, 2000 at 05:38:16AM -0500, spiff wrote:
Hello All This is my first posting to the list, so if it's off topic please go lightly on me. Running lsof on a suspect OpenBSD 2.6 i386 box, patched to the latest (jan 31) patchlevel, I see this: # /usr/local/sbin/lsof -i | grep ssh sshd 5249 root 3u IPv4 0xe0da5b00 0t0 TCP host:ssh (LISTEN) sshd 19463 root 5u IPv4 0t0 TCP can't read inpcb at 0x00000000 sshd 32487 root 5u IPv4 0t0 TCP can't read inpcb at 0x00000000 What is that? I suspect they are ssh connections with the other endpoint hidden somehow. How would someone do this? What would I look for?
Current thread:
- Received message from Russian hackers, (continued)
- Received message from Russian hackers David Meissner (Feb 25)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? David Kennedy CISSP (Feb 28)
- TIS and fingerprinting Dino Amato (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- ssh wierdness spiff (Feb 26)
- Re: ssh wierdness Markus Friedl (Feb 28)