[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: some interesting attacks

Hi,
the answer may be found on this URL:

http://www.kb.cert.org/vuls/id/945216

Greetz
Christoph

BTW: There was a nice thread concering this topic on suse-security yesterday - it
is located under
http://lists2.suse.com/archive/suse-security/2001-Nov/0417.html

Ed Street wrote:

> Hello,
>
> Last night some interesting logs came to my inbox from a clients firewall
> box.
>
> Nov 21 23:20:05 <system name> sshd[11534]: Disconnecting: crc32 compensation
> attack: network attack detected
>
> This went on for a period of time until I went into the box retrieved the ip
> address of the person and threw them into /etc/hosts.deny.  Then about 30-60
> mins later another of client that's not even related to this box was probed.
>
> Any input/thoughts on this?  BTW I do know what type of attack it is and I
> do know that my clients firewall boxes have the latest security patches so
> nothing nasty happened, just some lag from this <stuff
> missing>.lax-ca.dsl.cnc.net place.  This person who started the attack is
> running redhat 6.1 Linux and Friday I'm going to contact the isp to get the
> identity then call my clients and inform them of the attempted attack.
>
> Ed
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--
    .-.                             Ruhr-Universitaet Bochum
    /v\    L   I   N   U   X        Lehrstuhl fuer Biophysik
   // \\  >Penguin Computing<       c/o Christoph Wegener
  /(   )\                           Gebaeude ND 04/Nord
   ^^-^^                            D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754             Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de
Reply to: