openssh concerns
Garrett Wollman
wollman at bimajority.org
Fri Oct 2 01:16:30 UTC 2009
<<On Thu, 01 Oct 2009 17:13:55 -0700, johnea <me at johnea.net> said:
> The thing that concerned me is an entry I saw in netstat showing
> my system connecting back to a machine that was attempting to log
> in to ssh.
> Does the ssh server establish a socket to a client attempting login?
The SSH protocol does not, but you appear to be using "TCP wrappers"
(/etc/hosts.allow) configured in such a way that it makes an IDENT
protocol request back to the originating server. This is rarely
likely to do anything useful and should probably be disabled.
> tcp4 0 0 atom.60448 host154.advance.com.ar.auth TIME_WAIT
"auth" is the port number used by the IDENT protocol.
-GAWollman