[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: sshd sending packets outside lan during local connection

Turn BIND's query logging on and see what it's trying to
lookup.  You can do this from the shell (as root) by
entering "ndc querylog".  Then take a look at your log
files and see exactly what it's doing.  As someone pointed
out, I would also guess that it's attempting to perform
lookups on the IP that you're connecting from.


Jeremy L. Gaddis     <jlgaddis@blueriver.net>

-----Original Message-----
From: Jeff Stevens [mailto:jeff_stevens40@hotmail.com]
Sent: Sunday, January 13, 2002 10:27 PM
To: debian-security@lists.debian.org
Subject: sshd sending packets outside lan during local connection

I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and
bind (version: 1:8.2.3-0.potato.1).  It is also being used as a firewall
a local network.  It has 2 nic cards, one with an internal ip and one
an external ip.
When I ssh locally (to the internal ip)to this firewall it sends out
to my ISP.  If I unplug the "external ip" nic before entering the
then the connection pauses for about a minute before connecting.

I am no expert as I have just started using Debian, but it seems like
password is being sniffed.  I'm not exactly sure what the tcpdump output
shows (ATTACHED with route info) but it seems to be doing a domain name
up (but I could be wrong).  I have no idea why it would have to do a
look-up because I connect via ip address (ssh root@192.168.x.x) which is
inside the local network.

Earlier I made the mistake of offering bind publicly.  I recently
this but I don't know if I was compromised during the time it was
public.  I
am hoping this is just a misconfiguration problem.  Any suggestions
would be
greatly appreciated.  Thanks in advance.

Debian user

Join the world?s largest e-mail service with MSN Hotmail.

Reply to: