wireshark issue
Jon Radel
jon at radel.com
Fri Feb 10 00:22:35 UTC 2017
On 2/9/17 5:44 PM, sixto areizaga wrote:
> Has anyone experienced something similar or have any info about the
> following using wireshark...
>
>
> I was working on a webpage [that isn't up yet] no outside connections
> established, I started apache [from computer #1], started wireshark
> [same node] and opened firefox [computer #2] and for the url I did a
> 192.168.etc.etc
>
> looking through packets transferred there was a transfer from outside my
> network - (the ip might be in China) - it used putty [with sshv2] to
> get a server/client key exchange.
>
> it looked like a mobile device running a script except using putty
>
> anyone have a similar problem?

Somebody already answered the first time you asked this question. Why
ask again?

Yes, there are people out on the Internet who constantly scan ipv4
addresses for any number of interesting servers, and that most certainly
includes ssh servers. This should be obvious if you have a machine that
allows for connections to port tcp/22 from the Internet at large--just
look at the log of failed connection attempts or fire up a copy of
wireshark.

If you don't like it, block the traffic using a firewall. You can also
move your ssh server to a different port, which will reduce the noise
considerably and pretty predictably start an argument about "security by
obscurity is not really security."

Really, the only part of your question that *I* find remotely
interesting is how you determined that the client is actually a copy of
putty running on a mobile device, or at least looks like it is?

--
--Jon Radel
jon at radel.com
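
On the closing question about recognising PuTTY: an SSHv2 client announces itself in a plain-text identification line (RFC 4253, section 4.2) before key exchange, and that line is visible in a capture of the session. The Python below is an added example, not part of the original post; the function names and the sample payloads (documentation-range addresses) are constructed for illustration, and the string is self-reported, so it shows what a client claims to be, not what it is.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable ASCII without spaces or '-'.
_IDENT = re.compile(
    rb"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    rb"(?: (?P<comments>[\x20-\x7e]*))?\r?\n"
)
MAX_IDENT_LEN = 255  # RFC 4253 limit, CR LF included


def parse_ssh_ident(first_bytes):
    """Parse the first line a client sends on an SSH connection.

    Returns a dict, or None when the bytes are not a valid identification
    line (no line ending, over-long, or some other protocol entirely).
    """
    line_end = first_bytes.find(b"\n")
    if line_end == -1 or line_end + 1 > MAX_IDENT_LEN:
        return None
    m = _IDENT.match(first_bytes[: line_end + 1])
    if m is None:
        return None
    software = m.group("software").decode("ascii")
    return {
        "proto": m.group("proto").decode("ascii"),
        "software": software,
        # By convention the product name precedes the first underscore.
        "product": software.split("_", 1)[0],
        "comments": (m.group("comments") or b"").decode("ascii") or None,
    }


def claimed_clients(first_payloads):
    """Map source address -> claimed product for (src, bytes) pairs."""
    out = {}
    for src, data in first_payloads:
        ident = parse_ssh_ident(data)
        out[src] = ident["product"] if ident else "not-ssh"
    return out


# Constructed sample: first client payload of each TCP stream to port 22.
SAMPLE = [
    ("203.0.113.7", b"SSH-2.0-PuTTY_Release_0.67\r\n"),
    ("198.51.100.23", b"SSH-2.0-libssh2_1.4.3\r\n"),
    ("192.0.2.50", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, product in claimed_clients(SAMPLE).items():
        print(src, product)
```
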
More information about the freebsd-questions
mailing list