Re: Reality check: IPFW sees SSH traffic that sshd does not?

Board: FB_security | Author: | Time: 19 years ago (2007/03/21 22:30)
David Wolfskill wrote:
>> Might be a SYN scan. I believe SSH will not log anything if a three-way
>> handshake has not been completed.

The application layer can accept only "completed" connections, so handshaking must be successfully completed first before the application can accept the incoming connection. It's not SSH-specific behavior.

>> Of course, it would help if you provided ipfw logs to determine exactly
>> what kind of packets it was.
> Mar 20 09:12:29 janus kernel: ipfw: 10000 Accept TCP 204.11.235.148:26102 172.16.8.11:22 out via vr0
> Mar 20 19:30:07 janus kernel: ipfw: 10000 Accept TCP 204.11.235.148:33000 172.16.8.11:22 out via vr0

It may not help. We can see packets in one direction but not in the opposite one. Unfortunately, we can't decide whether it's because there are no reply packets or because the response packets are not logged by your configuration.

Dan
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #160K5g00 (FB_security)
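The one-direction observation in the message above can be checked mechanically over an ipfw log. This is an added example, not part of the original post: it groups log lines in the format quoted there into flows and reports those with only client-to-server packets logged. The function names and the last two sample lines (including the "in via vr0" reply) are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format as quoted in the post:
#   ... kernel: ipfw: <rule> <action> TCP <src>:<sport> <dst>:<dport> <in|out> via <if>
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# First two lines are the ones quoted in the post; the last two are constructed
# (a documentation-range client whose reply packet also matched a logging rule).
SAMPLE = """\
Mar 20 09:12:29 janus kernel: ipfw: 10000 Accept TCP 204.11.235.148:26102 172.16.8.11:22 out via vr0
Mar 20 19:30:07 janus kernel: ipfw: 10000 Accept TCP 204.11.235.148:33000 172.16.8.11:22 out via vr0
Mar 20 20:00:01 janus kernel: ipfw: 10000 Accept TCP 192.0.2.7:40000 172.16.8.11:22 out via vr0
Mar 20 20:00:01 janus kernel: ipfw: 10000 Accept TCP 172.16.8.11:22 192.0.2.7:40000 in via vr0
"""

def flows_by_direction(text, server_port=22):
    """Map (client, client_port, server, server_port) -> set of directions logged."""
    flows = defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ipfw TCP log line
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if dst[1] == server_port:
            flows[src + dst].add("to_server")
        elif src[1] == server_port:
            flows[dst + src].add("from_server")
    return dict(flows)

def one_way_flows(text, server_port=22):
    """Flows for which only client->server packets appear in the log."""
    return sorted(k for k, v in flows_by_direction(text, server_port).items()
                  if v == {"to_server"})

if __name__ == "__main__":
    for client, cport, server, sport in one_way_flows(SAMPLE):
        # Ambiguous by itself: either no reply was sent, or replies
        # were not matched by a rule carrying the log keyword.
        print(f"{client}:{cport} -> {server}:{sport}: no reply logged")
```

A flow reported here only narrows the question; telling a missing reply from an unlogged one still requires checking which ipfw rules log the return direction.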