[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] ssh listening on ports 81 & 444

Subject: RE: [cobalt-security] ssh listening on ports 81 & 444
From: "lists" <lists@xxxxxxxxxx>
Date: Tue, 17 Feb 2004 17:09:42 GMT
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

dmitri wrote:

ssh listening at ports 81 and 444 means someone, maybe you,have set up port forwarding to have secure connection withadmin interface.

Is that normal? I do have a secure connection to the admin interface --https with a self-signed certificat -- but didn't think it had anything todo with ssh -- please correct me if I am wrong. Could someone have donesometing on the raq550 admin interface to set up this sort of portforwarding? Im the only one with a shell (AFAIK!).Once I killed those instances of ssh that were listening on ports 81 & 444it hasn't happenend again, and I can find nothing else abnormal on thesystem.Also, I can't see any point in someone doing this for malicious purposes asports 81 & 444 were closed to the world on the firewall (watchguardfirebox), and sshd was listening to the world on 22.I have taken the machine off the network -- Am I right to be so paraniod?Thanks for your time, Julian

Follow-Ups:
- Re: [cobalt-security] ssh listening on ports 81 & 444
  - From: Dmitry Alexeyev

Prev by Date: [cobalt-security] Apache problems?? Help
Next by Date: [cobalt-security] openssl exploitable still?
Previous by thread: Re: [cobalt-security] Odd entries in passwd file?
Next by thread: Re: [cobalt-security] ssh listening on ports 81 & 444

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index