ssh in netstat

el kalin kalin at el.net
Wed Jul 1 04:04:02 UTC 2015 

hi all…  looking at output from netstat i see this:

tcp4       0      0  server.name..ssh   218.17.160.22.9225     ESTABLISHED
tcp4       0      0  server.name..http  baiduspider-220-.18248 FIN_WAIT_2
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51418 ESTABLISHED
tcp4       0      0  server.name..ssh   cpe-74-73-236-43.51326 ESTABLISHED
tcp4       0     48  server.name..ssh   cpe-74-73-236-43.51160 ESTABLISHED


 cpe-74-73-236-43 is me.  218.17.160.22 is some number in that appears to
be in china.

this is from who:

myuser         p0       cpe-74-73-236-43  5:34PM     - traceroute
218.17.160.22
myuser         p1       cpe-74-73-236-43  5:50PM     - w
myuser         p2       cpe-74-73-236-43  5:57PM  3:36 -sh (sh)

how is it that  218.17.160.22 has an established ssh connection and i can't
see it with who? how can i figure out what user is that? there is not
supposed be anybody logging ssh form china to this machine...

thanks…

More information about the freebsd-security mailing list