John Von Essen john at
Wed Dec 15 15:55:26 PST 2004

Sort of off topic, but thought people here would be interested.

MCI contacted me today because one of my systems is doing ssh logins
(failed) to a box they have no right ssh-ing into. After some packet
analysis, its clear that something is inside my network. The only solid
evidence I have is a machine behind one of my gateways (BigIP) was trying
to download a file called brute3.tar.gz via HTTP from The
download was unsuccessful.

Whatever this thing is, its tricky. It only runs a few times a day, so it
is tough to find the culprit source with ethereal unless I run ethereal
all day. In packet capture mode.

Any thoughts? Has anyone heard of anything like this?


More information about the freebsd-hackers mailing list