On Tue, May 13, 2014 at 10:31 PM, Johan Ryberg <jo...@securit.se> wrote:
> Yes, it's related to a SSH brute force attack.
>
> I have just never seen the the "client" IP in the routing table before. My
> IP does not exist in the routing table when I SSH to the host.
The IP shouldn't be there, at all. But, according to the route flags
('D' in this case), it's in there due to a redirect.
> I have a hard time to understand the mechanism that added the IP to the
> table.
>
> Is this something that can be explained?
My assumption is there was an ICMP redirect that added the IP to your table.
Check to see if you're accepting redirects. By default, OpenBSD has them as off.
