Re: some interesting attacks
Hi,
the answer may be found on this URL:
http://www.kb.cert.org/vuls/id/945216
Greetz
Christoph
BTW: There was a nice thread concering this topic on suse-security yesterday - it
is located under
http://lists2.suse.com/archive/suse-security/2001-Nov/0417.html
Ed Street wrote:
> Hello,
>
> Last night some interesting logs came to my inbox from a clients firewall
> box.
>
> Nov 21 23:20:05 <system name> sshd[11534]: Disconnecting: crc32 compensation
> attack: network attack detected
>
> This went on for a period of time until I went into the box retrieved the ip
> address of the person and threw them into /etc/hosts.deny. Then about 30-60
> mins later another of client that's not even related to this box was probed.
>
> Any input/thoughts on this? BTW I do know what type of attack it is and I
> do know that my clients firewall boxes have the latest security patches so
> nothing nasty happened, just some lag from this <stuff
> missing>.lax-ca.dsl.cnc.net place. This person who started the attack is
> running redhat 6.1 Linux and Friday I'm going to contact the isp to get the
> identity then call my clients and inform them of the attempted attack.
>
> Ed
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
.-. Ruhr-Universitaet Bochum
/v\ L I N U X Lehrstuhl fuer Biophysik
// \\ >Penguin Computing< c/o Christoph Wegener
/( )\ Gebaeude ND 04/Nord
^^-^^ D-44780 Bochum, GERMANY
Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de
Reply to: