Security Incidents mailing list archives
ssh wierdness
From: spiff () BWAY NET (spiff)
Date: Sat, 26 Feb 2000 05:38:16 -0500
Hello All This is my first posting to the list, so if it's off topic please go lightly on me. Running lsof on a suspect OpenBSD 2.6 i386 box, patched to the latest (jan 31) patchlevel, I see this: # /usr/local/sbin/lsof -i | grep ssh sshd 5249 root 3u IPv4 0xe0da5b00 0t0 TCP host:ssh (LISTEN) sshd 19463 root 5u IPv4 0t0 TCP can't read inpcb at 0x00000000 sshd 32487 root 5u IPv4 0t0 TCP can't read inpcb at 0x00000000 What is that? I suspect they are ssh connections with the other endpoint hidden somehow. How would someone do this? What would I look for?
Current thread:
- Re: @home: Is *anyone* really home there???, (continued)
- Re: @home: Is *anyone* really home there??? The Undernet Bonk (Feb 24)
- Received message from Russian hackers David Meissner (Feb 25)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? David Kennedy CISSP (Feb 28)
- TIS and fingerprinting Dino Amato (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- ssh wierdness spiff (Feb 26)
- Re: ssh wierdness Markus Friedl (Feb 28)