[CentOS] CentOS6 - Break in attempt? What is the Exploit?
Eero Volotinen
eero.volotinen at iki.fi
Mon Sep 21 09:41:29 UTC 2015
Well, sounds like some automatic deployment tool? Error in IP address or
other configuration failure?
http://stackoverflow.com/questions/6356212/ant-scp-task-failure
--
Eero
2015-09-21 11:29 GMT+03:00 James B. Byrne <byrnejb at harte-lyne.ca>:
> This morning's log review revealed this sshd log entry on one of our
> web services hosts:
>
> Received disconnect:
> 11: disconnected by user : 2 Time(s)
> 3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170 : 1 Time(s)
>
>
> The IP address used is that of a public facing database query page for
> our freight transit information. It is itself a virtual IP address
> hosted on the system reporting the error. In other words, if this
> were a legitimate connection then the situation would be that of an
> ssh client connecting to an sshd server running on the same host
> albeit each using a different IP address. In other words, the
> hostkeys would be identical.
>
> It seems to me that someone attempted an ssh connection while spoofing
> our internal address. Is such a thing even possible? If so then how
> does it work?
>
> What is com.jcraft.jsch?
>
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
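Added example, not part of the original thread: the log summary quoted above shows only the disconnect code and description, and that description is text sent by the client, so an address inside it is not the connection source. This Python example reads raw sshd lines and keeps the peer address for each disconnect; the raw line shape, the host name `web1`, the peer addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# SSH disconnect reason codes (RFC 4253, section 11.1) that appear in the quoted summary.
REASONS = {3: "KEY_EXCHANGE_FAILED", 11: "BY_APPLICATION"}

# Assumed raw line shape: "... sshd[PID]: Received disconnect from PEER: CODE: TEXT"
LINE_RE = re.compile(
    r"sshd\[\d+\]: Received disconnect from (?P<peer>\S+): "
    r"(?P<code>\d+): (?P<text>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_disconnects(lines):
    """Yield one record per 'Received disconnect' line, keeping the peer address."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a disconnect line
        code = int(m.group("code"))
        text = m.group("text").strip()
        yield {
            "peer": m.group("peer"),             # address sshd saw on the socket
            "code": code,
            "reason": REASONS.get(code, "OTHER"),
            "text": text,                        # client-supplied description
            "named_in_text": IPV4_RE.findall(text),  # addresses the client mentioned
        }

def peers_by_text(lines):
    """Count (peer, text) pairs so each summary row can be traced to its sources."""
    return Counter((d["peer"], d["text"]) for d in parse_disconnects(lines))

# Constructed sample lines; peers use documentation address ranges.
SAMPLE = [
    "Sep 21 03:12:44 web1 sshd[4211]: Received disconnect from 198.51.100.23: 3: "
    "com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170",
    "Sep 21 04:02:10 web1 sshd[4390]: Received disconnect from 192.0.2.15: 11: disconnected by user",
    "Sep 21 05:47:31 web1 sshd[4702]: Received disconnect from 192.0.2.15: 11: disconnected by user",
    "Sep 21 05:50:00 web1 sshd[4710]: Accepted publickey for deploy from 192.0.2.15 port 50022 ssh2",
]

if __name__ == "__main__":
    for (peer, text), n in peers_by_text(SAMPLE).items():
        print(f"{n} x from {peer}: {text}")
```
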