[Sussex] unauthorised ssh attempts

Tony Austin tony at gigaday.com
Fri Aug 20 11:12:46 UTC 2004


> I could be wrong here, but my understanding (and it was a while since I
> looked at this) is that the original connection for any IP 'transaction'
> will be on the standardised port (either specified by you or a defaulted
> value) - i.e. port 22.  After this, the process will select another port to
> communicate on.  I think this is essentially to free up the 'standard' port
> for the next 'initial' client connection.
>
> This means that much of the communication may be on other ports than
> originally specified.
>

Dominic, I think you are correct.  The high number port that I am seeing
must be the client port.

I found an article that suggests this to be the case.

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=Pine.GSO.3.95.970827131807.22215H-100000%40vanur.online.ee&rnum=3&prev=/groups%3Fas_q%3Dsshd%2520port%2520number%26safe%3Dimages%26ie%3DUTF-8%26as_ugroup%3Dcomp.security.ssh%26lr%3D%26hl%3Den

> Dominic
>
>> >> Can someone explain the significance of the port numbers?  I have port 22
>> >> open for ssh plus 25 and a couple for vnc, but everything else is blocked
>> >> at the firewall and yet my server seems to be rejecting login attempts on
>> >> other ports because of incorrect usernames and passwords.
>> >>
>
>


Regards.

Tony Austin
Gigaday Computing Limited
http://www.gigaday.com
tony at gigaday.com
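
Added example, not part of the original message or the list archive: sshd records the remote peer's source port in each authentication line, so the high port numbers belong to the connecting client while the server side of every connection stays on port 22. The sketch below groups failed logins by source address over constructed sample log lines in the OpenSSH message style; the function names and sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH sshd message style (not from the
# thread). Addresses are documentation ranges; user names are made up.
SAMPLE_LOG = """\
Aug 20 10:01:12 host sshd[2101]: Failed password for illegal user test from 203.0.113.7 port 40112 ssh2
Aug 20 10:01:15 host sshd[2103]: Failed password for illegal user guest from 203.0.113.7 port 40255 ssh2
Aug 20 10:01:19 host sshd[2107]: Failed password for root from 203.0.113.7 port 40391 ssh2
Aug 20 10:05:44 host sshd[2150]: Accepted password for tony from 192.0.2.10 port 51822 ssh2
Aug 20 10:09:03 host sshd[2188]: Failed password for invalid user admin from 198.51.100.23 port 33870 ssh2
Aug 20 10:09:30 host sshd[2190]: Server listening on 0.0.0.0 port 22.
"""

# "port N" after "from <ip>" is the client's source port, not a server port.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user |illegal user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def failed_logins(log_text):
    """Yield (ip, client_source_port, user) for each failed password line."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m["ip"], int(m["port"]), m["user"]


def summarise(log_text):
    """Group failures by source IP with the source ports and user names seen."""
    by_ip = defaultdict(lambda: {"attempts": 0, "ports": set(), "users": set()})
    for ip, port, user in failed_logins(log_text):
        entry = by_ip[ip]
        entry["attempts"] += 1      # each attempt here is a separate TCP connection
        entry["ports"].add(port)    # so each one shows a different client port
        entry["users"].add(user)
    return dict(by_ip)


if __name__ == "__main__":
    ranked = sorted(summarise(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["attempts"])
    for ip, e in ranked:
        print(f"{ip}: {e['attempts']} failed, users={sorted(e['users'])}, "
              f"client ports={sorted(e['ports'])}")
```

Grouping by address rather than by port is what makes repeated guessing from one host visible, since the client port changes on every new connection.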
