Reality check: IPFW sees SSH traffic that sshd does not?
Tadas Miniotas
tadas at bofh.lt
Wed Mar 21 13:18:26 UTC 2007
David Wolfskill wrote:
> <...>
> This morning (in reviewing the logs from yesterday), I found a set of
> 580 such setup requests logged from Mar 20 19:30:06 - Mar 20 19:40:06
> (US/Pacific; currently 7 hrs. west of GMT/UTC), each from 204.11.235.148
> (part of a VAULT-NETWORKS netblock). The sshd on the internal machine
> never logged anything corresponding to any of this.
Might be a SYN scan. I believe SSH will not log anything if a three-way
handshake has not been completed.
Of course, it would help if you provided ipfw logs to determine exactly
what kind of packets it was.
--
Tadas Miniotas
More information about the freebsd-security
mailing list