[GRLUG] Rogue SSH connections

L. V. Lammert lvl at omnitec.net
Sun Oct 6 22:11:47 EDT 2013

On Sun, 6 Oct 2013, megadave wrote:

> Are these fully established connections? If not, perhaps they are SYN
> attack with a spoofed source address.
Interesting possibility, .. how would one go about delving deeper? Would
it not have to originate somewhere on the local subnet?


More information about the grlug mailing list