On Fri, 19 Sep 2008 09:56:24 -0500, Allen Kistler
<ackistler@oohay.moc> wrote:

>Anon E. Muss wrote:
>> I recently noticed excessive acitivity on my router's activity LED and
>> did a little investigating. As immediate action, I used a big hammer
>> and firewalled off 218/8 until I can figure out what is going on here.
>> Yesterday, it was 201/8.
>>
>> Below is most of output of netstat. Can someone let me know what is
>> going on here? SynFlood?? Also, any suggestions??
>>
>> ===== BEGIN =====
>> Active Internet connections (w/o servers)
>> Proto Recv-Q Send-Q Local Address Foreign Address State
>>
>> [snip]
>
>Welcome to the Internet. It's been here for a while. Where have you been?

Been here a while.

>If you have services offered to the world, lots of people are going to
>try to break in. If you have ssh turned on with guessable usernames
>(like, you know, root, ftp, httpd, or bin) and authentication using only
>password enabled, eventually someone is going to guess your lame password.

Not *my* password.

I will go through the users and find out who used a lame-o password.

Thanks for the help.