sshd sending packets outside lan during local connection

Sun, 13 Jan 2002 21:27:42 -0600

I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall for a local network. It has 2 nic cards, one with an internal ip and one with an external ip. When I ssh locally (to the internal ip)to this firewall it sends out packets to my ISP. If I unplug the "external ip" nic before entering the password then the connection pauses for about a minute before connecting.
I am no expert as I have just started using Debian, but it seems like the password is being sniffed. I'm not exactly sure what the tcpdump output shows (ATTACHED with route info) but it seems to be doing a domain name look up (but I could be wrong). I have no idea why it would have to do a domain look-up because I connect via ip address (ssh [EMAIL PROTECTED]) which is inside the local network. 


Earlier I made the mistake of offering bind publicly.  I recently changed 
this but I don't know if I was compromised during the time it was public.  I 
am hoping this is just a misconfiguration problem.  Any suggestions would be 
greatly appreciated.  Thanks in advance.


--Jeff
Debian user


_________________________________________________________________

Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


Attachment:
sshtraffic

Description: Binary data






















					Reply via email to