[GRLUG] Rogue SSH connections

L. V. Lammert lvl at omnitec.net
Sun Oct 6 22:11:47 EDT 2013


On Sun, 6 Oct 2013, megadave wrote:

> Are these fully established connections? If not, perhaps they are SYN
> attack with a spoofed source address.
>
Interesting possibility, .. how would one go about delving deeper? Would
it not have to originate somewhere on the local subnet?

	Lee


More information about the grlug mailing list