Reality check: IPFW sees SSH traffic that sshd does not? - Tadas Miniotas - org.freebsd.freebsd-security

13 messages in org.freebsd.freebsd-securityReality check: IPFW sees SSH traffic ...

From	Sent On	Attachments
David Wolfskill	Mar 21, 2007 12:45 pm
Tadas Miniotas	Mar 21, 2007 1:18 pm
David Wolfskill	Mar 21, 2007 1:32 pm
Bill Moran	Mar 21, 2007 1:37 pm
Richard Jones	Mar 21, 2007 2:12 pm
Dan Lukes	Mar 21, 2007 2:27 pm
Bill Moran	Mar 21, 2007 2:29 pm
W. D.	Mar 21, 2007 2:44 pm
Eygene Ryabinkin	Mar 21, 2007 2:50 pm
Julian Elischer	Mar 21, 2007 11:21 pm
Carl Makin	Mar 21, 2007 11:22 pm
Volker	Mar 22, 2007 1:32 pm
Eygene Ryabinkin	Mar 23, 2007 11:36 am

Subject:	Reality check: IPFW sees SSH traffic that sshd does not?
From:	Tadas Miniotas (tad...@bofh.lt)
Date:	Mar 21, 2007 1:18:10 pm
List:	org.freebsd.freebsd-security

David Wolfskill wrote:

<...> This morning (in reviewing the logs from yesterday), I found a set of 580 such setup requests logged from Mar 20 19:30:06 - Mar 20 19:40:06 (US/Pacific; currently 7 hrs. west of GMT/UTC), each from 204.11.235.148 (part of a VAULT-NETWORKS netblock). The sshd on the internal machine never logged anything corresponding to any of this.

Might be a SYN scan. I believe SSH will not log anything if a three-way handshake has not been completed.

Of course, it would help if you provided ipfw logs to determine exactly what kind of packets it was.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets