[Cialug] Rogue SSH Connections

L. V. Lammert lvl at omnitec.net
Mon Oct 7 15:40:45 CDT 2013


On Mon, 7 Oct 2013, Barry Von Ahsen wrote:

> lsof needs -i4 to show internet "files" - does
>
Just had another one opened, .. however nothing showed with the lsof -i
:newport! Bummer!

Just saw a packet from the Linux box:

15:38:16.178325 IP marvel.omnitec.net.60323 > apollo.omnitec.net.ssh:
Flags [P.], seq 2576624798:2576624830, ack 3719789715, win 164, options
[nop,nop,TS val 406592169 ecr 4170988026], length 32

Nothing in netstat, .. nothing in lsof, .. I guess whatever process is
generating the traffic is not maintaining an open socket? That would
explain the operation, but, unfortunately, no help with finding it.

	Lee
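
Added example, not part of the original message: one way to check the kernel's own TCP table for the source port tcpdump reported (60323 above) and map the socket inode back to a PID, without relying on lsof or netstat. It assumes a little-endian Linux host and IPv4; the function names, the sample table and the sample fd map are constructed for illustration.

```python
import os, socket, struct

STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not taken from the host in the post).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1
   1: 0500000A:EBA3 0900000A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 48211 1
   2: 0500000A:EBA4 0900000A:0016 06 00000000:00000000 03:00000A00 00000000     0        0 0 3
"""
# Constructed pid -> fd link targets, shaped like readlink(/proc/<pid>/fd/<n>).
SAMPLE_FDS = {1200: ["socket:[9001]"], 3377: ["/dev/null", "socket:[48211]"]}

def decode(addr):
    """'0500000A:EBA3' -> '10.0.0.5:60323' (address is host-order hex, port plain hex)."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))  # little-endian assumed
    return f"{ip}:{int(port_hex, 16)}"

def parse_tcp(text):
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": decode(f[1]), "remote": decode(f[2]),
                     "state": STATES.get(f[3], f[3]), "inode": int(f[9])})
    return rows

def live_fd_links():
    """Collect fd targets for every PID; run as root to see other users' processes."""
    links = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fd_dir = f"/proc/{pid}/fd"
            links[int(pid)] = [os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)]
        except OSError:                          # process exited or access denied
            continue
    return links

def who_owns(port, tcp_text, fd_links):
    """Return (local, remote, state, inode, pids) for each socket bound to `port`."""
    out = []
    for r in parse_tcp(tcp_text):
        if r["local"].endswith(f":{port}"):
            tag = f"socket:[{r['inode']}]"
            pids = sorted(p for p, l in fd_links.items() if r["inode"] and tag in l)
            out.append((r["local"], r["remote"], r["state"], r["inode"], pids))
    return out
```

On a live host, call `who_owns(60323, open("/proc/net/tcp").read(), live_fd_links())` as root. A row with inode 0 (for example TIME_WAIT) or a nonzero inode with an empty PID list means no process file descriptor visible in /proc holds that socket.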

