Date: Wed, 25 Jul 2001 14:44:52 +0300 From: Peter Pentchev <roam@orbitel.bg> To: jett <tayerv@team.ph.inter.net> Cc: freebsd-bugs <freebsd-bugs@freebsd.org> Subject: Re: broken into via ssh? Message-ID: <20010725144452.A84551@ringworld.oblivion.bg> In-Reply-To: <013401c114b2$20c37860$4b443dca@jett>; from tayerv@team.ph.inter.net on Wed, Jul 25, 2001 at 10:33:01AM %2B0800 References: <013401c114b2$20c37860$4b443dca@jett>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 25, 2001 at 10:33:01AM +0800, jett wrote: > im running freebsd 3.5-stable > when i did netstat -an | grep LISTEN > > here's the result > > bash-2.04$ netstat -an | grep LISTEN > tcp 0 0 *.80 *.* LISTEN > tcp 0 0 *.443 *.* LISTEN > tcp 0 0 *.31341 *.* LISTEN > tcp 0 0 *.22 *.* LISTEN > > noticed the 31341 port that is listening > then i did > > bash-2.04$ telnet localhost 31341 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > SSH-1.5-1.2.27 > > then on port 22 > bash-2.04$ telnet localhost 22 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > SSH-1.5-OpenSSH_2.9p2 > > i was surprised that i was running two different versions of ssh. was my server broken into? As Bill Fumerola said, almost certainly. To answer the question in your other message, no, there have been no recent SSH (or in particular, OpenSSH) buglets uncovered. There has been a problem with ssh.com's SSH 3.0.0, but it definitely does not apply to OpenSSH. From looking at your services list it would seem that either httpd by itself, or some script you have on your website was used to break in. G'luck, Peter -- This sentence contains exactly threee erors. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010725144452.A84551>