[Sussex] unauthorised ssh attempts

Tony Austin tony at gigaday.com
Fri Aug 20 11:12:46 UTC 2004

> I could be wrong here, but my understanding (and it was a while since I
> looked at this) is that the original connection for any IP 'transaction'
> will be on the standardised port (either specified by you or a defaulted
> value) - ie port 22.  After this, the process will select another port to
> communicate on.  I think this is essentially to free up the 'standard'
> port
> for the next 'initial' client connection.
> This means that much of the communication may be on other ports that
> originally specified.

Dominic, I think you are correct.  The high number port that I am seeing
must be the client port.

I found an article that suggests this to be the case.


> Dominic
>> >> Can someone explain the significance of the port numbers?  I have
>> port
>> > 22
>> >> open for ssh plus 25 and a couple for vnc, but everything else is
>> > blocked
>> >> at the firewall and yet my server seems to be rejecting login
>> attempts
>> > on
>> >> other ports because of incorrect usernames and passwords.
>> >>
> _______________________________________________
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sussex


Tony Austin
Gigaday Computing Limited
tony at gigaday.com

More information about the Sussex mailing list