Strange IP address appeared in netstat with ssh connection

General discussion on Zend Studio for IBM System i
Post Reply
hl_soong
Posts: 5
Joined: Mon Jun 11, 2012 1:28 pm

Strange IP address appeared in netstat with ssh connection

Post by hl_soong » Thu May 21, 2015 7:59 am

Hi,
When I newly installed the Zend Studio 12.5, it required the start of ssh for connection to the Iseries IFS directory. I started it using strtcpsvr *sshd. All was working well. However when I do a netstat on the iseres, I realized that there were strange IP address (eg 222.186.30.xxx from China) appearing with ssh connection. This happens when I was the only one using the Zend studio and I am locally connected to the Iseries. Is this a hack? The IP address can keep changing and even use different user like QSECOFR, QSRV and even my own id. Only when I ended the sshd, it disappeared. It also happened when I am not using the Zend Studio. Zend Studio requires the sshd connection and I need to start it in order for it to work. So how can I secure the connection.


Regards,
Karen

erich_hieden
Posts: 393
Joined: Tue Jul 07, 2009 9:01 am

Re: Strange IP address appeared in netstat with ssh connecti

Post by erich_hieden » Fri May 22, 2015 8:59 am

Hello Karen

What commands are you exactly using, when the strange IP addresses show up? Could you post a screen shot? I can't find where you are getting the information from. Sorry.

Best
Martin

hl_soong
Posts: 5
Joined: Mon Jun 11, 2012 1:28 pm

Re: Strange IP address appeared in netstat with ssh connecti

Post by hl_soong » Tue May 26, 2015 3:49 am

Command used as follows:-
1. Strtcpsvr *sshd
2. netstat opt 3, under remote address (see file attached)
3. There will be random IP address appearing, not the usual internal IP address (192.168.x.x) and under different user id.
4. I have checked the different IP addresses appearing, some from China/Indonesia/Europe.
5. Currently I cannot start sshd, but it will also mean I cannot use the Zend Studio that requires this service to start.
6. On my test system running under os 5.4, I blocked all the IP but found the different IP addresses trying to access the system. Technically, there should be no other users on my Test system except me.
Attachments
CaptureIPAddress.GIF
CaptureIPAddress.GIF (4.01 KiB) Viewed 3722 times

erich_hieden
Posts: 393
Joined: Tue Jul 07, 2009 9:01 am

Re: Strange IP address appeared in netstat with ssh connecti

Post by erich_hieden » Wed May 27, 2015 12:08 pm

I have checked my test system and a few customer systems where ssh is running (all are V7R1 with different PTF levels), but didn't run into your Problem. I'm assuming that you really go a Problem with your security and that your ibm i is accessible from the Internet. You might want to check your firewall/LAN setup ASAP.

henr5687
Posts: 2
Joined: Wed May 09, 2018 7:03 am
Contact:

Re: Strange IP address appeared in netstat with ssh connecti

Post by henr5687 » Wed May 09, 2018 7:05 am

The same issue is coming to me and I am unable to have a solution for the same. Is there any one in the group or community that can help me with this.

Post Reply