Gentoo Archives: gentoo-hardened

From: atoth@××××××××××.hu
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Strange sshd grsec denials
Date: Fri, 22 Feb 2008 05:43:44
Message-Id: 33454.138.26.140.45.1203659018.squirrel@atoth.sote.hu

Regular ssh break-in attempts don't scare me. But do any of you have these:
"Feb 21 14:40:22 name grsec: From 203.157.129.1: (root:U:/usr/sbin/sshd)
denied connect() to 203.157.129.1 port 0 sock type dgram protocol udp by
/usr/sbin/sshd[sshd:26333] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/sshd[sshd:4980] uid/euid:0/0 gid/egid:0/0"

It's scary to see that someone tries to get the sshd to connect to
exactly the same IP address. The port is 0, but anyway. It's
clear that it's not a DNS lookup, which is otherwise permitted for
sshd...

Regards.
Dw.
--
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962

--
gentoo-hardened@l.g.o mailing list
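
A small triage helper for the denial quoted in the message above, added here as an example and not part of the original post or of grsecurity: it parses connect() denials in that format and labels the ones whose destination is the address the session came from, on port 0 over a datagram socket. The field layout is inferred from the one quoted line, and the function names and the second sample line are constructed.

```python
import re

# Field layout inferred from the single denial quoted in the post; other
# grsecurity versions or message types may differ (assumption).
DENIAL = re.compile(
    r"grsec: From (?P<src>\S+): \((?P<role>[^:]+):(?P<rtype>[^:]+):(?P<subject>[^)]+)\) "
    r"denied connect\(\) to (?P<dst>\S+) port (?P<port>\d+) "
    r"sock type (?P<stype>\S+) protocol (?P<proto>\S+) "
    r"by (?P<path>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
)

def parse_denial(line):
    """Return the fields of a grsec connect() denial, or None if no match."""
    # Archived mail wraps the log line, so collapse whitespace first.
    m = DENIAL.search(" ".join(line.split()))
    if not m:
        return None
    rec = m.groupdict()
    rec.update(port=int(rec["port"]), pid=int(rec["pid"]))
    return rec

def classify(rec):
    """Label the pattern from the post: dgram connect() back to the peer, port 0."""
    if rec["dst"] == rec["src"] and rec["port"] == 0 and rec["stype"] == "dgram":
        return "peer-port0-dgram"
    return "peer" if rec["dst"] == rec["src"] else "other"

# First entry is the denial quoted in the post; the second is constructed.
SAMPLES = [
    "Feb 21 14:40:22 name grsec: From 203.157.129.1: (root:U:/usr/sbin/sshd) "
    "denied connect() to 203.157.129.1 port 0 sock type dgram protocol udp by "
    "/usr/sbin/sshd[sshd:26333] uid/euid:0/0 gid/egid:0/0, parent "
    "/usr/sbin/sshd[sshd:4980] uid/euid:0/0 gid/egid:0/0",
    "Feb 21 14:41:03 name grsec: From 192.0.2.10: (root:U:/usr/sbin/sshd) "
    "denied connect() to 198.51.100.7 port 53 sock type stream protocol tcp by "
    "/usr/sbin/sshd[sshd:26401] uid/euid:0/0 gid/egid:0/0, parent "
    "/usr/sbin/sshd[sshd:4980] uid/euid:0/0 gid/egid:0/0",
]

def triage(lines):
    """Return (pid, destination, label) for every parsable denial."""
    recs = (parse_denial(line) for line in lines)
    return [(r["pid"], r["dst"], classify(r)) for r in recs if r]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```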