ssh in netstat
el kalin
kalin at el.net
Wed Jul 1 04:10:31 UTC 2015
nevermind…. i got it….
thanks anyway…
On Wed, Jul 1, 2015 at 12:03 AM, el kalin <kalin at el.net> wrote:
>
> hi all… looking at output from netstat i see this:
>
> tcp4 0 0 server.name..ssh 218.17.160.22.9225 ESTABLISHED
> tcp4 0 0 server.name..http baiduspider-220-.18248 FIN_WAIT_2
> tcp4 0 0 server.name..ssh cpe-74-73-236-43.51418 ESTABLISHED
> tcp4 0 0 server.name..ssh cpe-74-73-236-43.51326 ESTABLISHED
> tcp4 0 48 server.name..ssh cpe-74-73-236-43.51160 ESTABLISHED
>
>
> cpe-74-73-236-43 is me. 218.17.160.22 is some number in that appears to
> be in china.
>
> this is from who:
>
> myuser p0 cpe-74-73-236-43 5:34PM - traceroute
> 218.17.160.22
> myuser p1 cpe-74-73-236-43 5:50PM - w
> myuser p2 cpe-74-73-236-43 5:57PM 3:36 -sh (sh)
>
> how is it that 218.17.160.22 has an established ssh connection and i
> can't see it with who? how can i figure out what user is that? there is not
> supposed be anybody logging ssh form china to this machine...
>
> thanks…
>
>
More information about the freebsd-security
mailing list