Manuel Monteiro wrote:
Hello,
Today I updated one of our computers running CentOS 5.3 32bit. After a reboot I noticed the following with lsof -i
sshd 3638 root 3u IPv6 17317 TCP pc46.astro.up.pt:ssh->119.1.193.205:zephyr-clt (ESTABLISHED)
sshd 3639 sshd 3u IPv6 17317 TCP pc46.astro.up.pt:ssh->119.1.193.205:zephyr-clt (ESTABLISHED)
What is this connection?
IPtables is on and SELinux is on enforcing mode.
Looks like an ssh connection from 119.1.193.205 port 2103 (defined as "zephyr-clt" in /etc/services).
Yes... dumb question! Sorry.
Forgot that, in lsof, this is a connection from (and not *to*) 119.1.193.205
One more SSH brute force attack.
Thanks, Manuel
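The reading of the `local->remote` column worked out in this thread, as an added example that is not part of the original messages: it labels an ESTABLISHED socket as inbound when its local port is one the host listens on, and turns service names such as zephyr-clt back into port numbers. The function names, the LISTEN line and the outbound ssh line are assumptions made for illustration.

```python
import socket

# The two ESTABLISHED sshd lines come from the post. The LISTEN line and the
# outbound ssh client line are constructed so both directions appear.
SAMPLE = """\
sshd 3200 root 3u IPv6 9000 TCP *:ssh (LISTEN)
sshd 3638 root 3u IPv6 17317 TCP pc46.astro.up.pt:ssh->119.1.193.205:zephyr-clt (ESTABLISHED)
sshd 3639 sshd 3u IPv6 17317 TCP pc46.astro.up.pt:ssh->119.1.193.205:zephyr-clt (ESTABLISHED)
ssh 4100 manuel 3u IPv4 18001 TCP pc46.astro.up.pt:41822->192.0.2.10:ssh (ESTABLISHED)
"""

# zephyr-clt = 2103 is the mapping quoted in the thread; ssh = 22 is well known.
KNOWN = {"ssh": 22, "zephyr-clt": 2103}

def port_number(token):
    """Turn the port label lsof printed (name or number) back into a number."""
    if token.isdigit():
        return int(token)
    if token in KNOWN:
        return KNOWN[token]
    try:
        return socket.getservbyname(token, "tcp")
    except OSError:
        return None

def parse(line):
    """Split one `lsof -i` TCP line into pid, local, remote and state."""
    f = line.split()
    if "TCP" not in f:
        return None
    i = f.index("TCP")
    local, _, remote = f[i + 1].partition("->")
    state = f[i + 2].strip("()") if len(f) > i + 2 else ""
    return int(f[1]), local.rsplit(":", 1), (remote.rsplit(":", 1) if remote else None), state

def classify(text):
    """Label ESTABLISHED sockets inbound when the local port is one we LISTEN on."""
    rows = [r for r in map(parse, text.splitlines()) if r]
    listening = {port_number(l[1]) for _, l, _, s in rows if s == "LISTEN"}
    out = []
    for pid, l, r, s in rows:
        if s == "ESTABLISHED" and r:
            side = "inbound" if port_number(l[1]) in listening else "outbound"
            out.append((pid, side, r[0], port_number(r[1])))
    return out

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

Running `lsof -nP -i` instead of `lsof -i` prints numeric addresses and ports, so a client's ephemeral source port is not shown under an unrelated service name.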