[lug] Mystery SSH diagnostic lines
Simos
blug at chinesetearoom.com
Sun Aug 1 11:42:20 MDT 2021
Hi,
Looks like a port scan to me. Have you tried running something like
a MalwareBytes scan on your wife's Windows laptop just in case?
Simos
On Sun, 01 Aug 2021 11:36:16 -0600 Mike Witt <msg2mw at gmail.com> wrote:
>
> On 08/01/2021 10:34:12 AM, Bear Giles wrote:
>
> > Pissed off anyone recently? Someone who could hack into your wife's
> > computer, run a network scan, and then try to ssh into different
> > systems?
>
> This did occur to me, like a windows virus or something. Can't see any
> sign of anything like that. Plus, there are just those four lines. It
> *seems* like I'd see more activity, attempts. But I would certainly
> feel more comfortable if I could find some explanation.
>
> Everything is pretty well password protected ... except certain ssh
> keys that are used by automated scripts that run overnight. But someone
> would already need root access to the "important" machine to be able to
> read root's .ssh files. Not sure what more to do about that.
>
> I'm still not clear whether those four line mean that 10.0.0.8 is
> trying to do something to my machine or that my machine is trying to do
> something to 10.0.0.8.
>
> -Mike
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
More information about the LUG
mailing list