On Wed, Aug 15, 2001 at 09:37:51AM +0200, Siegbert Baude wrote: > Hello, > > I get about 100 log entries of the following pattern: > > Aug 14 01:29:01 myserver sshd[27175]: Disconnecting: crc32 compensation > attack: network attack detected > > > What´s this?
I do not know. > How can I find out, from where this attack is originating? Must I increase > the verbositiy level of sshd to achieve this? sshd might be able to do it. I'm logging the originating adress through my internet services daemon. I happen to use tcpserver[1] but inetd[2] and xinetd[3] ought to be able to do it as well. A second alternative is to do it through a tcpwrapper like Venemas[4]. Jörgen [1] http://cr.yp.to/ucspi.tcp/tcpserver.html [2] ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/ [3] http://www.xinetd.org/ [4] ftp://ftp.porcupine.org/pub/security/