Micah Anderson wrote: > Got what appears to be a "crc32 compensation attack in my logs today, > about 10 minutes worth of these types of messages.... should I be > worried? Should I laugh at this feable attempt to break in? Should I > gnaw my fingernails with my shotgun on my lap?
heh, http://www.plif.com/archive/wc055.gif I would be worried that somebody is interested in your ssh sessions. I would be less worried that they were able to successfully compromise the session, but check the source code for that message so you can find out where it was generated and what the attacker may have been trying to do. (I would have closed the session as soon as I saw this myself though just to be on the safe side.) There was a theoretical attack against the crc32 compensation attack detector itself a while back, this might be what you saw. http://razor.bindview.com/publish/advisories/adv_ssh1crc.html -jamie
