12-29-2007, 04:31 PM
Ned Ludd

Remote ssh attack: sshd tries to make udp connection to a remote host

For grsec policy related questions I suggest using the upstream
grsec mailing list.

On Sat, 2007-12-29 at 18:11 +0100, atoth@atoth.sote.hu wrote:
> I've found a bunch of these messages in my log:
> "grsec: From 219.87.17.209: (root:U:/usr/sbin/sshd) denied connect() to
> 219.87.17.3 port 0 sock type dgram protocol udp by /usr/sbin/sshd[sshd:19031]
> uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4997] uid/euid:0/0
> gid/egid:0/0"
> Along with these:
> "Address 219.87.17.209 maps to cameo.com.tw, but this does not map back to
> the address - POSSIBLE BREAK-IN ATTEMPT!"
>
> Is it a normal behavior of the sshd to make udp connections to remote
> host? Especially using port 0? I have a feeling somebody could make my
> sshd do bad things without grsec's RBAC system.
>
> It annoys me. Is there anybody on the list with the same experience or
> who knows more about this?
>
> Regards,
> Dw.
> --
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962
>

--
gentoo-hardened@gentoo.org mailing list
 
