On 14 May 2014 at 07:48, Johan Beisser <j...@caustic.org> wrote:
> On Tue, May 13, 2014 at 10:31 PM, Johan Ryberg <jo...@securit.se> wrote:
>> Yes, it's related to a SSH brute force attack.
>>
>> I have just never seen the "client" IP in the routing table before. My
>> IP does not exist in the routing table when I SSH to the host.
>
> The IP shouldn't be there, at all. But, according to the route flags
> ('D' in this case), it's in there due to a redirect.
>
>> I have a hard time to understand the mechanism that added the IP to the
>> table.
>>
>> Is this something that can be explained?
>
> My assumption is there was an ICMP redirect that added the IP to your table.
>
> Check to see if you're accepting redirects. By default, OpenBSD has them as
> off.

There are more reasons dynamic route entries are created. For example to record results of MTU path discovery.

-Otto