MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Fri, Dec 30, 2016 7:45 pm

SSH break-in attempts from IP addresses

Yesterday, while using the free and open source packet analyzer software Wireshark to observe network traffic reaching a router, I had set a packet filter in Wireshark to filter on Internet Control Message Protocol (ICMP) traffic. I saw a lot of unexpected ICMP "port unreachable" packets coming from a server behind the router headed outbound to the Internet to the IP address

Internet Control Message Protocol
Type: 3 (Destination unreachable) Code: 3 (port unreachable) Checksum: 0xa821 [correct] [Checksum Status: Good] Unused: 00000000

ICMP destination unreachable packets are "generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason." There is a "code" field that follows the "type" field in an ICMP packet. If the code is 3, then it indicates a port unreachable error (the designated protocol is unable to inform the host of the incoming message). When I checked the destination port at the server end, I saw it was 22, which is the well-known port for the Secure Shell (SSH) protocol.

[ More Info ]

[/security/attacks/ssh] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo