Strange IP address appeared in netstat with ssh connection


Post by hl_soong on Thu May 21, 2015 7:59 am

Hi,
When I newly installed Zend Studio 12.5, it required ssh to be started for the connection to the iSeries IFS directory. I started it using strtcpsvr *sshd. All was working well. However, when I did a netstat on the iSeries, I realized that there were strange IP addresses (e.g. 222.186.30.xxx from China) appearing with ssh connections. This happens when I am the only one using Zend Studio and I am locally connected to the iSeries. Is this a hack? The IP address can keep changing and can even use different users like QSECOFR, QSRV and even my own ID. Only when I ended the sshd did it disappear. It also happened when I was not using Zend Studio. Zend Studio requires the sshd connection and I need to start it in order for it to work. So how can I secure the connection?


Regards,
Karen

Re: Strange IP address appeared in netstat with ssh connecti

Post by erich_hieden on Fri May 22, 2015 8:59 am

Hello Karen

What commands exactly are you using when the strange IP addresses show up? Could you post a screenshot? I can't find where you are getting the information from. Sorry.

Best
Martin

Re: Strange IP address appeared in netstat with ssh connecti

Post by hl_soong on Tue May 26, 2015 3:49 am

Commands used as follows:
1. Strtcpsvr *sshd
2. netstat opt 3, under remote address (see file attached)
3. There will be random IP addresses appearing, not the usual internal IP address (192.168.x.x), and under different user IDs.
4. I have checked the different IP addresses appearing; some are from China/Indonesia/Europe.
5. Currently I cannot start sshd, but that also means I cannot use Zend Studio, which requires this service to be started.
6. On my test system running under OS 5.4, I blocked all the IPs but found the different IP addresses trying to access the system. Technically, there should be no other users on my test system except me.
Attachment: CaptureIPAddress.GIF (4.01 KiB)

Re: Strange IP address appeared in netstat with ssh connecti

Post by erich_hieden on Wed May 27, 2015 12:08 pm

I have checked my test system and a few customer systems where ssh is running (all are V7R1 with different PTF levels), but didn't run into your problem. I'm assuming that you really got a problem with your security and that your IBM i is accessible from the Internet. You might want to check your firewall/LAN setup ASAP.
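Added example, not part of the thread and not Zend or IBM code: a small Python check that takes a connection listing and reports every remote address talking to the sshd port from outside the expected LAN, together with the user IDs seen for it. The column layout, the sample rows, the user name MYUSER and the trusted range are assumptions constructed for illustration; real NETSTAT output would need its own parsing.

```python
import ipaddress
from collections import defaultdict

# Assumption: only the internal range mentioned in the thread should reach sshd.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/16")]
SSH_PORT = 22

# Constructed sample, NOT real IBM i NETSTAT output. Assumed columns:
# user  remote_address  remote_port  local_port  state
# Remote addresses are taken from the documentation ranges (RFC 5737).
SAMPLE = """\
MYUSER    192.168.1.20    51514  22    Established
QSECOFR   203.0.113.45    40112  22    Established
QSRV      198.51.100.7    33870  22    Established
MYUSER    203.0.113.45    40190  22    Time-wait
QTCP      192.168.1.20    51600  8472  Established
QTCP      *               *      22    Listen
"""


def unexpected_ssh_peers(text, trusted=TRUSTED_NETS, port=SSH_PORT):
    """Return {remote_ip: sorted user IDs} for SSH peers outside trusted nets."""
    hits = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, blank lines and malformed rows
        user, remote, _rport, lport, _state = fields
        if lport != str(port):
            continue  # not a connection to sshd
        try:
            addr = ipaddress.ip_address(remote)
        except ValueError:
            continue  # listening socket ("*") or unparsable address
        # Allowlist check: anything not in a trusted network is reported.
        if not any(addr in net for net in trusted):
            hits[str(addr)].add(user)
    return {ip: sorted(users) for ip, users in hits.items()}


if __name__ == "__main__":
    for ip, users in unexpected_ssh_peers(SAMPLE).items():
        print(f"{ip}: user IDs seen {', '.join(users)}")
```

Any address this reports means the SSH port is reachable from outside the trusted range, which is the firewall/LAN exposure the last reply says to check.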

