Strange connections outgoing SSH connections (to China!?) after startup/git install

Posted August 26, 2013 7.2k views
I just started a ubuntu 12 droplet, installed a private git server per the tutorial, did a netstat. and got: tcp 0 0 :12683 ESTABLISHED tcp 0 0 ESTABLISHED tcp 0 352 **MYIP**.:2454 ESTABLISHED tcp 0 0 ESTABLISHED is owned by CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center What gives?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
7 answers
Is it a new droplet? Does anyone else have access to your droplet/digitalocean account/email account?
Brand new droplet. Account set up ~1 hour ago. droplet < 30 mins old at this point. Nothing else done on droplet except apt-get update; install git (per tutorial) and set up private git server (per tutorial) and a few pings and traceroutes.

I'm wondering if this is a virtualization problem (previous user). The SSH connections disappeared after a minute or two. Or possibly apt-get install git-core pulled down something from this IP address.
Could have been an incoming attack in progress.
reports the IP address as being used for SSH probes. Unfortunately I've no way to edit the typo in the title - it should have read "Strange SSH connections (to China) after startup/git install. It looks from the netstat that they were incoming.
It's a possible SSH attack attempt. You shouldn't worry about it -- just make sure you don't use a weak password :] (or not use passwords at all and set up SSH keys).

I met the same problem, I don’t know what is that.
lsof -i gives me:

sshd      26054       root    3u  IPv4 4317876      0t0  TCP atlas:ssh-> (ESTABLISHED)
sshd      26055       sshd    3u  IPv4 4317876      0t0  TCP atlas:ssh-> (ESTABLISHED)

Changes root password for security

Show answer This answer has been marked as resolved by cuchulainn.
Show answer This answer has been marked as resolved by cuchulainn.