some interesting attacks

To: <debian-security@lists.debian.org>
Subject: some interesting attacks
From: "Ed Street" <blacknet@phenixcable.net>
Date: Thu, 22 Nov 2001 09:36:31 -0500
Message-id: <[🔎] GCEGLPFGDCACHENIJHDDAEMKCMAA.blacknet@phenixcable.net>
In-reply-to: <[🔎] 20011122135029.A1340@tom>

Hello,

Last night some interesting logs came to my inbox from a clients firewall
box.

Nov 21 23:20:05 <system name> sshd[11534]: Disconnecting: crc32 compensation
attack: network attack detected

This went on for a period of time until I went into the box retrieved the ip
address of the person and threw them into /etc/hosts.deny.  Then about 30-60
mins later another of client that's not even related to this box was probed.

Any input/thoughts on this?  BTW I do know what type of attack it is and I
do know that my clients firewall boxes have the latest security patches so
nothing nasty happened, just some lag from this <stuff
missing>.lax-ca.dsl.cnc.net place.  This person who started the attack is
running redhat 6.1 Linux and Friday I'm going to contact the isp to get the
identity then call my clients and inform them of the attempted attack.

Ed

Reply to:

Follow-Ups:
- Re: some interesting attacks
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: some interesting attacks
  - From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>

References:
- Got hacked by Ramen-style attack
  - From: Thomas Amm <thomas.amm@fh-zwickau.de>

Prev by Date: Re: Got hacked by Ramen-style attack
Next by Date: Re: some interesting attacks
Previous by thread: Re: Got hacked by Ramen-style attack
Next by thread: Re: some interesting attacks
Index(es):
- Date
- Thread