On Sun, 27 Jan 2002, John Desmond wrote: > I just picked the following off my ESbeta2 a few > minutes ago. It claims a "crc32 compensation attack" > was made against it. It went on for about 1/2 hour. Is > it significant that the source port changes with every > connection attempt? > I have sshd set up to receive connections from two > external IPs (EXTERN_TCP_PORTS="0/0_ssh <2 locations>" > and hosts.allow is ALL:192.168.1.0/255.255.255.0,<2 > locations>) and this isn't one of them. Are there any > extra steps I should take to protect my internal home > network?
DENY all port 22 access through the external interface until you have confirmed that you are not vulnerable. I don't know if there is an ssh v1.2.32 LRP file, but I think Jacques Nilo's OpenSSH is up to date. Read http://www.kb.cert.org/vuls/id/945216 [...] --------------------------------------------------------------------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --------------------------------------------------------------------------- _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
