From owner-freebsd-bugs Tue Jul 24 19:42:56 2001 Delivered-To: freebsd-bugs@freebsd.org Received: from laguna.i-next.net (laguna.i-next.net [202.61.68.66]) by hub.freebsd.org (Postfix) with ESMTP id B91EE37B403 for ; Tue, 24 Jul 2001 19:42:51 -0700 (PDT) (envelope-from tayerv@team.ph.inter.net) Received: from jett (bsd.i-next.net [202.61.68.75]) by laguna.i-next.net (Postfix) with SMTP id B184A24EA3 for ; Wed, 25 Jul 2001 10:51:12 +0800 (PHT) Message-ID: <013401c114b2$20c37860$4b443dca@jett> From: "jett" To: "freebsd-bugs" Subject: broken into via ssh? Date: Wed, 25 Jul 2001 10:33:01 +0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0131_01C114F5.2E480760" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0131_01C114F5.2E480760 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable im running freebsd 3.5-stable=20 when i did netstat -an | grep LISTEN here's the result bash-2.04$ netstat -an | grep LISTEN tcp 0 0 *.80 *.* LISTEN tcp 0 0 *.443 *.* LISTEN tcp 0 0 *.31341 *.* LISTEN tcp 0 0 *.22 *.* LISTEN noticed the 31341 port that is listening then i did=20 bash-2.04$ telnet localhost 31341 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-1.5-1.2.27 then on port 22 bash-2.04$ telnet localhost 22 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-1.5-OpenSSH_2.9p2 i was surprised that i was running two different versions of ssh. was my = server broken into? ------=_NextPart_000_0131_01C114F5.2E480760 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

im running freebsd 3.5-stable =

when i did netstat -an | grep = LISTEN

here's the result

bash-2.04$ netstat=20 -an | grep LISTEN
tcp       =20 0      0=20 *.80           &nb= sp;     =20 *.*           &nbs= p;      =20 LISTEN
tcp       =20 0      0=20 *.443           &n= bsp;    =20 *.*           &nbs= p;      =20 LISTEN
tcp       =20 0      0=20 *.31341           =    =20 *.*           &nbs= p;      =20 LISTEN
tcp       =20 0      0=20 *.22           &nb= sp;     =20 *.*           &nbs= p;      =20 LISTEN

noticed the 31341 port that is=20 listening

then i did

bash-2.04$ telnet localhost = 31341
Trying=20 127.0.0.1...
Connected to localhost.
Escape character is=20 '^]'.
SSH-1.5-1.2.27

then on port 22

bash-2.04$ telnet localhost = 22
Trying=20 127.0.0.1...
Connected to localhost.
Escape character is=20 '^]'.
SSH-1.5-OpenSSH_2.9p2

i was surprised that i was running two = different=20 versions of ssh. was my server broken into?

------=_NextPart_000_0131_01C114F5.2E480760-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message