From owner-freebsd-security@FreeBSD.ORG Wed Jul 2 00:19:34 2003
Date: Wed, 2 Jul 2003 11:19:23 +0400
From: "Nikolaj I. Potanin"
Organization: ID Anti-Virus Lab (SalD Ltd)
Message-ID: <1881663278.20030702111923@drweb.ru>
To: freebsd-security@freebsd.org
In-Reply-To: <200307011432.54750.tarmo@momentor.ee>
References: <200307011432.54750.tarmo@momentor.ee>
Subject: Re: tcp 22 > tcp 22

> Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via
> ed1
> where xxxxxx is the attacker's IP and yyyyy is my box.
> Also, as you can see, the connection is made from port 22 to port 22, which is
> odd.

http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22441 - maybe
this could explain your case?

-- 
Nikolaj I. Potanin, SA                 http://www.drweb.ru
ID Anti-Virus Lab (SalD Ltd)           nikolaj@drweb.ru
St. Petersburg, Russia                 ph.: +7-812-3888624
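
A defender-side check for the pattern in the quoted log line, as an added example that is not part of the original message: it parses ipfw syslog lines and flags inbound packets whose source and destination ports are both in the reserved range, since clients normally connect from ephemeral ports. The sample lines, the addresses, the allowlist and the names `odd_source_ports` and `SYMMETRIC_OK` are constructed for illustration; the pattern handles IPv4-style `addr:port` only.

```python
import re
from typing import Iterator, NamedTuple

# ipfw syslog line in the shape quoted above:
#   ... ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <if>
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>.+?) (?P<proto>TCP|UDP) "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Assumed allowlist: services where both peers commonly use the same port.
SYMMETRIC_OK = {("UDP", 53), ("UDP", 123)}

class Hit(NamedTuple):
    rule: int
    src: str
    sport: int
    dport: int
    reason: str

def odd_source_ports(lines, reserved_max: int = 1023) -> Iterator[Hit]:
    """Yield inbound packets sent from a reserved port to a reserved port."""
    for line in lines:
        m = IPFW_RE.search(line)
        if not m or m["dir"] != "in":
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        # Replies to our own outbound connections arrive on an ephemeral
        # destination port, so requiring a reserved dport skips them.
        if sport > reserved_max or dport > reserved_max:
            continue
        if sport == dport and (m["proto"], dport) in SYMMETRIC_OK:
            continue
        reason = ("source port equals destination port" if sport == dport
                  else "reserved source port to reserved destination port")
        yield Hit(int(m["rule"]), m["src"], sport, dport, reason)

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE = """\
Jul  1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP 192.0.2.10:22 198.51.100.5:22 in via ed1
Jul  1 13:35:02 fbsd /kernel: ipfw: 1400 Accept TCP 192.0.2.77:49152 198.51.100.5:22 in via ed1
Jul  1 13:35:40 fbsd /kernel: ipfw: 1500 Accept TCP 192.0.2.80:22 198.51.100.5:1027 in via ed1
Jul  1 13:36:11 fbsd /kernel: ipfw: 1600 Accept UDP 192.0.2.53:123 198.51.100.5:123 in via ed1
Jul  1 13:36:30 fbsd /kernel: ipfw: 1400 Deny TCP 192.0.2.99:1023 198.51.100.5:514 in via ed1
""".splitlines()

if __name__ == "__main__":
    for hit in odd_source_ports(SAMPLE):
        print(hit)
```

Legitimate rsh/rlogin clients also connect from reserved source ports, so a hit is a prompt to look at the peer, not a verdict.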