hacking attempt
Darren Tucker
dtucker at zip.com.au
Sat May 7 08:18:49 EST 2011
On Sat, May 7, 2011 at 7:55 AM, Scott Neugroschl <scott_n at xypro.com> wrote:
> Do you normally run your sshd on 55707?
That log message is of the source port of the connection not the listening port.
To the OP: I agree with the previous posters that there's probably
another sshd running on your machine. You can look for listening
ports (eg "lsof | grep LISTEN") but it certainly looks like the
machine is compromised so the only safe action is to determine how
then reinstall the system from trusted media (fixing the problem,
obviously).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list