On Wed, Aug 15, 2001 at 09:37:51AM +0200, Siegbert Baude wrote: > I get about 100 log entries of the following pattern: > > Aug 14 01:29:01 myserver sshd[27175]: Disconnecting: crc32 compensation > attack: network attack detected
I got the same. Aug 14 11:46:44 nepomuk sshd[12166]: Disconnecting: crc32 compensation attack: network attack detected Aug 14 11:46:44 nepomuk sshd[12165]: Disconnecting: crc32 compensation attack: network attack detected Aug 14 11:46:44 nepomuk sshd[12167]: Connection closed by 192.167.166.229 > What´s this? An old but long fixed sshd-vulnerability. > How can I find out, from where this attack is originating? Must I increase > the verbositiy level of sshd to achieve this? Notice the last line of my logs? You should find something like this too. A simple whois will tell you more about the network the attack came from. Phil
