hi all…  looking at output from netstat i see this:

tcp4       0      0  server.name..ssh   218.17.160.22.9225     ESTABLISHED
tcp4       0      0  server.name..http  baiduspider-220-.18248 FIN_WAIT_2
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51418 ESTABLISHED
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51326 ESTABLISHED
tcp4       0     48  server.name..ssh   cpe-74-73-236-43.51160 ESTABLISHED


cpe-74-73-236-43 is me.  218.17.160.22 is some number that appears to
be in china.

this is from who:

myuser         p0       cpe-74-73-236-43  5:34PM     - traceroute 218.17.160.22
myuser         p1       cpe-74-73-236-43  5:50PM     - w
myuser         p2       cpe-74-73-236-43  5:57PM  3:36 -sh (sh)

how is it that 218.17.160.22 has an established ssh connection and i can't
see it with who? how can i figure out what user that is? there is not
supposed to be anybody logging in over ssh from china to this machine...

thanks…
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
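
Added example, not part of the original post: a TCP connection shows as ESTABLISHED as soon as the handshake completes, which is before sshd has authenticated anyone, while the login listing only shows sessions that logged in and were given a terminal. The script lists ssh peers from netstat that have no matching login entry, using the lines quoted in the post as constructed sample input; the function name `unmatched_ssh_peers` and the column positions are assumptions taken from the output format shown above.

```shell
#!/bin/sh
# Constructed sample input: the netstat and login-listing lines quoted in the post.
NETSTAT_SAMPLE='tcp4       0      0  server.name..ssh   218.17.160.22.9225     ESTABLISHED
tcp4       0      0  server.name..http  baiduspider-220-.18248 FIN_WAIT_2
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51418 ESTABLISHED
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51326 ESTABLISHED
tcp4       0     48  server.name..ssh   cpe-74-73-236-43.51160 ESTABLISHED'

WHO_SAMPLE='myuser         p0       cpe-74-73-236-43  5:34PM     - traceroute 218.17.160.22
myuser         p1       cpe-74-73-236-43  5:50PM     - w
myuser         p2       cpe-74-73-236-43  5:57PM  3:36 -sh (sh)'

# unmatched_ssh_peers NETSTAT_TEXT LOGIN_TEXT   (hypothetical helper name)
# Prints every remote host that holds an ESTABLISHED connection to the local
# ssh port but does not appear as the remote host (column 3) of a login entry.
# Assumes BSD-style netstat addresses ("host.port") and a login listing with
# the remote host in the third column, as in the post.
unmatched_ssh_peers() {
    {
        printf '%s\n' "$2"          # login listing first
        echo '--netstat--'          # separator between the two inputs
        printf '%s\n' "$1"          # then the netstat lines
    } | awk '
        $0 == "--netstat--"     { in_netstat = 1; next }
        !in_netstat && NF >= 3  { logged_in[$3] = 1; next }
        in_netstat && $NF == "ESTABLISHED" && $4 ~ /\.(ssh|22)$/ {
            peer = $5
            sub(/\.[0-9]+$/, "", peer)      # drop the trailing ".port"
            if (!(peer in logged_in)) print peer
        }
    ' | sort -u
}

# Run against the sample from the post.
unmatched_ssh_peers "$NETSTAT_SAMPLE" "$WHO_SAMPLE"
```

A peer reported here is either still unauthenticated (for example a password-guessing attempt, which the sshd authentication log would show) or a session without a terminal; on FreeBSD, `sockstat -4 -c -p 22` shows which process and user own each such connection.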
