23 May
2017
23 May
'17
4:31 a.m.
Ronen,
I agree with Ruben.
Regarding that connection, if it was inbound, they may have successfully
logged into a device. Its Command Server may simply be maintaining the
connection, testing SSH tunneling, seeing if it does X11, Secure Copy, etc.
*If it's a hosted VPS service and SSH Keys are allowed for login, make
sure YOU MADE FRESH KEYS for your VPS' SSH Server. If this is a state
actor (or even another customer in the same company), they may have your
private SSH key.*
*And in fact, if you determine you've been logged into, you may wish to
start with a fresh install/VM.
*
**
73,
- Lynwood
KB3VWG
What is not understand to me is what is the purpose
... If it is a
robot what is the point of fluddling SSH connections is it brute force
? or anything else ? and how come that after 24 hours it stopped it
supposed to be endless loop if it is an automated process