  1. #1
    BKT
    Just Joined!
    Join Date
    May 2008
    Posts
    4

    Linux server connecting to a site using port 22

    We have a Suse Linux server and the problem I have is that the server is trying to connect to a site (261.182.224.42) now and then. We cannot find out where this is set up on the server. We really need to stop this as it brings the whole network down.

    Help.

    BKT

  2. #2
    Just Joined!
    Join Date
    Oct 2009
    Posts
    18
    ssh uses port 22 by default; this may not be good. You probably want to harden your ssh install. You could change the default port ssh uses. Also add
    ALL: 261.182.224.42
    to your
    /etc/hosts.deny
    file.
    You can also check the web address below; it shows some different iptables rules you can set to harden ssh. There is a bunch of info on ssh available on this site and on the web; just Google ssh, iptables. You may also want to check a program called Denyhost. Good luck.


    ww.webhostingtalk.com/showthread.php?t=456571

  3. #3
    Linux Newbie
    Join Date
    Apr 2009
    Posts
    160
    Quote Originally Posted by highfructose327 View Post
    ssh uses port 22 by default; this may not be good. You probably want to harden your ssh install. You could change the default port ssh uses. Also add
    ALL: 261.182.224.42
    to your
    /etc/hosts.deny
    file.
    You can also check the web address below; it shows some different iptables rules you can set to harden ssh. There is a bunch of info on ssh available on this site and on the web; just Google ssh, iptables. You may also want to check a program called Denyhost. Good luck.


    ww.webhostingtalk.com/showthread.php?t=456571
    /etc/hosts.deny is for connecting. If I interpret the OP right, the server is trying to connect to that IP. I think you should determine why it's doing that and possibly run a rootkit too.

  4. #4
    Just Joined!
    Join Date
    Oct 2009
    Posts
    18
    mikesd, thanks for the correction on the hosts.deny. Could the OP pass a rule for iptables like
    iptables -A OUTPUT -d 261.182.224.42 -j DROP
    that would drop any connection to the IP while they figure out the problem? Just a thought.
    Last edited by highfructose327; 10-22-2009 at 02:31 AM. Reason: punctuation
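
Added example, not part of any post in this thread: post #3 advises determining why the server makes these connections, and this shell function filters `ss -tanp` output for sockets whose peer is the address and port from the thread and reports the owning process. The function name `find_outbound` and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify which local process owns TCP connections to a
# given remote address and port, from `ss -tanp` output read on stdin.

# find_outbound DEST_IP DEST_PORT < ss-output
# Prints one line per matching socket: state, local endpoint, process, pid
# (tab separated). Process and pid are "?" when ss could not show them,
# which happens when ss is run without root.
find_outbound() {
    awk -v ip="$1" -v port="$2" '
        # ss -tanp columns: State Recv-Q Send-Q Local:Port Peer:Port Process
        $5 == (ip ":" port) {
            name = "?"; pid = "?"
            if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^users:\(\("/, "", s)
                split(s, parts, /",pid=/)
                name = parts[1]; pid = parts[2]
            }
            printf "%s\t%s\t%s\t%s\n", $1, $4, name, pid
        }'
}

# Constructed sample of `ss -tanp` output (not captured from a real host).
# The third line has no process column, as seen when ss lacks privileges.
SAMPLE_SS='ESTAB    0 0 192.168.1.10:22    192.168.1.50:51514 users:(("sshd",pid=1402,fd=4))
SYN-SENT 0 1 192.168.1.10:43122 261.182.224.42:22  users:(("ssh",pid=3181,fd=3))
SYN-SENT 0 1 192.168.1.10:43124 261.182.224.42:22
ESTAB    0 0 192.168.1.10:38810 192.168.1.20:5432  users:(("postgres",pid=977,fd=9))'

# Demonstration on the sample. On the live server the input would be:
#   ss -tanp | find_outbound 261.182.224.42 22
printf '%s\n' "$SAMPLE_SS" | find_outbound 261.182.224.42 22
```

Run `ss -tanp` as root so the process column is filled in. Because the connection in the thread happens only now and then, the command may need to be repeated on a schedule until it catches a live socket.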
