CentOS6 - Break in attempt? What is the Exploit?




This morning's log review revealed this sshd log entry on one of our
web services hosts:

 Received disconnect:
    11: disconnected by user : 2 Time(s)
    3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170 : 1 Time(s)


The IP address used is that of a public facing database query page for
our freight transit information. It is itself a virtual IP address
hosted on the system reporting the error.  In other words, if this
were a legitimate connection then the situation would be that of an
ssh client connecting to an sshd server running on the same host
albeit each using a different IP address.  In other words, the
hostkeys would be identical.

It seems to me that someone attempted an ssh connection while spoofing
our internal address.  Is such a thing even possible? If so then how
does it work?

What is com.jcraft.jsch?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


