FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

LinkBack Thread Tools
Old 12-29-2007, 04:31 PM
Ned Ludd
Default Remote ssh attack: sshd tries to make udp connection to a remote host

For grsec policy related questions I suggest using the upstream
grsec mailing list.

On Sat, 2007-12-29 at 18:11 +0100, atoth@atoth.sote.hu wrote:
> I've found a bunch of these messages in my log:
> "grsec: From (root:U:/usr/sbin/sshd) denied connect() to
> port 0 sock type dgram protocol udp by /usr/sbin/sshd[sshd:19031]
> uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4997] uid/euid:0/0
> gid/egid:0/0"
> Along with these:
> "Address maps to cameo.com.tw, but this does not map back to
> the
> Is it a normal behavior of the sshd to make udp connections to remote
> host? Especially using port 0? I have a feeling somebody could make my
> sshd do bad things without grsec's RBAC system.
> It annoys me. Are there anybody on the list with the same experience or
> who knows more about this?
> Regards,
> Dw.
> --
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962

gentoo-hardened@gentoo.org mailing list

Thread Tools

All times are GMT. The time now is 04:30 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org