[Andrew, I'm cc'ing my response back to the list.]
On Jan 28, 2005, at 8:13 AM, Andrew M. Gehring wrote:
> Do you (or someone on your network) have anything to do with
> http://www.bluemidnight.com ?
Not to my knowledge, but I think I'll start logging all traffic to and
from there. There are only two people who should have log on access to
that machine. I'm one and the other is being bcc'ed on this.
> If not, I would say somebody has access to the .7 system on your
> and is SSHing to bluemidnight...
Note that the SOURCE port was 22, not the destination port. So it was
not going to some standard SSH service. However, using 22 may have
been an effort to mislead and confuse people/systems reading logs.
Also, to send something with a source port of 22 requires root

Maybe I am just misreading things, and this is something harmless. I'm
hoping that someone will tell me that.
Jeffrey Goldberg http://www.goldmark.org/jeff/
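
The source-port versus destination-port distinction discussed above, as an added example that is not part of the original message: it reads the TCP flags in firewall log lines to tell a reply from a listening SSH service (source port 22 with ACK set) from a connection opened from local port 22 (bare SYN). The netfilter LOG line format, the sample lines and the addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in Linux netfilter LOG format (an assumption; the
# original message does not say which log the traffic appeared in).
# Addresses are documentation ranges, not the hosts from the thread.
SAMPLE_LOG = """\
IN= OUT=eth0 SRC=192.0.2.7 DST=198.51.100.20 PROTO=TCP SPT=22 DPT=40112 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=eth0 SRC=192.0.2.7 DST=198.51.100.20 PROTO=TCP SPT=22 DPT=40112 WINDOW=5840 RES=0x00 ACK PSH URGP=0
IN= OUT=eth0 SRC=192.0.2.7 DST=198.51.100.20 PROTO=TCP SPT=22 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
IN= OUT=eth0 SRC=192.0.2.7 DST=198.51.100.20 PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def classify(line, port=22):
    """Say what a TCP packet involving `port` most likely represents."""
    fields = dict(FIELD.findall(line))
    flags = FLAGS & set(line.split())
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    if spt == port and flags == {"SYN"}:
        # A bare SYN opens a connection, so the local side chose `port` as
        # its own source port: not a reply from a service listening there.
        return "initiated-from-port"
    if spt == port and "ACK" in flags:
        # SYN+ACK and later ACK traffic from `port` is what a listening
        # service sends back to a client that connected to it.
        return "reply-from-service"
    if dpt == port and flags == {"SYN"}:
        return "client-to-service"
    return "other"

def summarize(log_text, port=22):
    """Count packet classifications over all TCP lines in the log text."""
    counts = {}
    for line in log_text.splitlines():
        if "PROTO=TCP" in line:
            kind = classify(line, port)
            counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    for kind, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind}: {n}")
```

The handshake packet is the decisive one: mid-stream ACK packets look the same in either direction, so the first logged packet of the flow should be checked before drawing a conclusion.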