Re: sshd attack?

To: debian-security@lists.debian.org
Subject: Re: sshd attack?
From: Philipp Schulte <p.schulte@matrix.uni-duisburg.de>
Date: Wed, 15 Aug 2001 09:50:44 +0200
Message-id: <[🔎] 20010815095044.A16298@nepomuk.matrix.uni-duisburg.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 002401c1255d$3095e280$406a3c86@wohnheim.uniulm.de>; from Siegbert.Baude@gmx.de on Wed, Aug 15, 2001 at 09:37:51AM +0200
References: <[🔎] 002401c1255d$3095e280$406a3c86@wohnheim.uniulm.de>

On Wed, Aug 15, 2001 at 09:37:51AM +0200, Siegbert Baude wrote: 

> I get about 100 log entries of the following pattern:
> 
> Aug 14 01:29:01 myserver sshd[27175]: Disconnecting: crc32 compensation
> attack: network attack detected

I got the same.

Aug 14 11:46:44 nepomuk sshd[12166]: Disconnecting: crc32 compensation
attack: network attack detected
Aug 14 11:46:44 nepomuk sshd[12165]: Disconnecting: crc32 compensation
attack: network attack detected
Aug 14 11:46:44 nepomuk sshd[12167]: Connection closed by
192.167.166.229

> What´s this?

An old but long fixed sshd-vulnerability. 

> How can I find out, from where this attack is originating? Must I increase
> the verbositiy level of sshd to achieve this?

Notice the last line of my logs? You should find something like this
too.
A simple whois will tell you more about the network the attack came
from.
Phil

Reply to:

References:
- sshd attack?
  - From: "Siegbert Baude" <Siegbert.Baude@gmx.de>

Prev by Date: sshd attack?
Next by Date: Re: sshd attack?
Previous by thread: sshd attack?
Next by thread: Re: sshd attack?
Index(es):
- Date
- Thread