[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] ssh listening on ports 81 & 444
- Subject: RE: [cobalt-security] ssh listening on ports 81 & 444
- From: "lists" <lists@xxxxxxxxxx>
- Date: Tue, 17 Feb 2004 17:09:42 GMT
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
dmitri wrote:
ssh listening at ports 81 and 444 means someone, maybe you,
have set up port forwarding to have secure connection with
admin interface.
Is that normal? I do have a secure connection to the admin interface --
https with a self-signed certificat -- but didn't think it had anything to
do with ssh -- please correct me if I am wrong. Could someone have done
someting on the raq550 admin interface to set up this sort of port
forwarding? Im the only one with a shell (AFAIK!).
Once I killed those instances of ssh that were listening on ports 81 & 444
it hasn't happenend again, and I can find nothing else abnormal on the
system.
Also, I can't see any point in someone doing this for malicious purposes as
ports 81 & 444 were closed to the world on the firewall (watchguard
firebox), and sshd was listening to the world on 22.
I have taken the machine off the network -- Am I right to be so paraniod?
Thanks for your time, Julian