Re: IPTABLEs and port scanning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 01/05/2010 03:30 PM, James B. Byrne wrote:
> I see many entries in /var/log/secure similar to these:
>
> . . .
> /var/log/secure.1:Dec 31 08:00:55 gway01 sshd[7220]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:00:58 gway01 sshd[7221]: Failed password
> for root from 93.89.144.31 port 60100 ssh2
> /var/log/secure.1:Dec 31 08:00:58 gway01 sshd[7222]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:01:02 gway01 sshd[7223]: Failed password
> for root from 93.89.144.31 port 60962 ssh2
> /var/log/secure.1:Dec 31 08:01:02 gway01 sshd[7224]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:01:05 gway01 sshd[7227]: Failed password
> for root from 93.89.144.31 port 33612 ssh2
> /var/log/secure.1:Dec 31 08:01:05 gway01 sshd[7228]: Received
> disconnect from 93.89.144.31: 11: Bye Bye
> /var/log/secure.1:Dec 31 08:01:09 gway01 sshd[7229]: Failed password
> for root from 93.89.144.31 port 34504 ssh2
> . . .
>
> As you can see, the ports are not those associated with the service
> requested.  SSHD is configured to listen on the standard port (22)
> and only on a single IP address that is supposed to be reachable
> only from the internal network (this is a multi-homed system
> configured as a gateway).
>

Those are the *source ports* from the attacking host, not the 
destination port on which you are running SSH. I /assume/ the number 
enclosed in '[]' to be the pid of the sshd instance associated with the 
connection attempt.

Hope that helps.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux