[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: crc32 compensation attack

Micah Anderson wrote:

> Got what appears to be a "crc32 compensation attack in my logs today,
> about 10 minutes worth of these types of messages.... should I be
> worried? Should I laugh at this feable attempt to break in? Should I
> gnaw my fingernails with my shotgun on my lap?

heh, http://www.plif.com/archive/wc055.gif

I would be worried that somebody is interested in your ssh sessions.  I
would be less worried that they were able to successfully compromise the
session, but check the source code for that message so you can find out
where it was generated and what the attacker may have been trying to do.
(I would have closed the session as soon as I saw this myself though just
to be on the safe side.) There was a theoretical attack against the crc32
compensation attack detector itself a while back, this might be what you
saw.  http://razor.bindview.com/publish/advisories/adv_ssh1crc.html


Reply to: