Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Hardened (http://www.linux-archive.org/gentoo-hardened/)
-   -   Remote ssh attack: sshd tries to make udp connection to a remote host (http://www.linux-archive.org/gentoo-hardened/24650-remote-ssh-attack-sshd-tries-make-udp-connection-remote-host.html)

Ned Ludd 12-29-2007 04:31 PM

Remote ssh attack: sshd tries to make udp connection to a remote host
 
For grsec policy related questions I suggest using the upstream
grsec mailing list.

On Sat, 2007-12-29 at 18:11 +0100, atoth@atoth.sote.hu wrote:
> I've found a bunch of these messages in my log:
> "grsec: From 219.87.17.209: (root:U:/usr/sbin/sshd) denied connect() to
> 219.87.17.3 port 0 sock type dgram protocol udp by /usr/sbin/sshd[sshd:19031]
> uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4997] uid/euid:0/0
> gid/egid:0/0"
> Along with these:
> "Address 219.87.17.209 maps to cameo.com.tw, but this does not map back to
> the
> address - POSSIBLE BREAK-IN ATTEMPT!"
>
> Is it a normal behavior of the sshd to make udp connections to remote
> host? Especially using port 0? I have a feeling somebody could make my
> sshd do bad things without grsec's RBAC system.
>
> It annoys me. Are there anybody on the list with the same experience or
> who knows more about this?
>
> Regards,
> Dw.
> --
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962
>

--
gentoo-hardened@gentoo.org mailing list


All times are GMT. The time now is 09:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.