
Re: [gnubies-il] Ahhmm... help ?

  • Tzafrir Cohen
    Message 1 of 2 , Jan 14 8:02 AM
      On Mon, 14 Jan 2002, san_tsu2000 wrote:

      > Please ignore my last message.
      > Going over the logs brought up MULTIPLE lines in the form of:
      > Jan 13 11:24:09 source sshd[19130]: Did not receive ident string from

      $ whois

      [snip ]

      inetnum: -
      netname: DE-STILLER-NET
      descr: Christian Stiller, Koeln
      country: DE
      admin-c: CS14326-RIPE
      tech-c: TN75
      status: ASSIGNED PA
      mnt-by: WESTEND-MNT
      changed: tn@... 20001130
      source: RIPE


      Looks like an address that is assigned to some German company.

      > Jan 13 11:30:05 source sshd[19236]: Disconnecting: crc32 compensation
      > attack: network attack detected
      > Jan 13 11:31:14 source sshd[19260]: Disconnecting: Corrupted check
      > bytes on input.
      > Jan 13 11:42:47 source sshd[19310]: Accepted password for amir from
      > port 1433

      What version of sshd do you use?

      (This is not a secret to anybody who knows the IP of your computer. Simply
      telnet to port 22 of your computer to get this version number).

      I'm not sure that this is it, but there is a root exploit for a relatively
      old sshd hole (was fixed almost a year ago) that is now floating around
      the internet.

      There were some more recent updates to sshd. See your distro's ssh

      Tzafrir Cohen /"\
      mailto:tzafrir@... \ / ASCII Ribbon Campaign
      Taub 229, 972-4-829-3942, X Against HTML Mail
      http://www.technion.ac.il/~tzafrir / \
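Added example, not part of the original message: a small triage script for the kind of sshd log lines quoted above. It collects the probe-style messages and flags any accepted login that follows one within a time window. The source addresses (elided on the page), the 30-minute window, the year, and the function names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the message. The page elides
# the source addresses, so these come from documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Jan 13 11:24:09 source sshd[19130]: Did not receive ident string from 192.0.2.10
Jan 13 11:30:05 source sshd[19236]: Disconnecting: crc32 compensation attack: network attack detected
Jan 13 11:31:14 source sshd[19260]: Disconnecting: Corrupted check bytes on input.
Jan 13 11:42:47 source sshd[19310]: Accepted password for amir from 192.0.2.10 port 1433
Jan 13 12:05:00 source sshd[19400]: Accepted password for amir from 198.51.100.7 port 40022
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPT_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port (\d+)")
# The three message types that appear in the quoted log.
PROBE_PATTERNS = {
    "no_ident": re.compile(r"Did not receive ident(?:ification)? string"),
    "crc32_detector": re.compile(r"crc32 compensation attack"),
    "corrupt_check_bytes": re.compile(r"Corrupted check bytes on input"),
}

def parse(log_text, year=2002):
    # Classic syslog timestamps carry no year; 2002 is assumed from the mail date.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((when, int(pid), msg))
    return sorted(events)

def triage(log_text, window=timedelta(minutes=30)):
    # Returns (probes, flagged): flagged logins occur within `window` after a probe.
    probes, flagged = [], []
    for when, pid, msg in parse(log_text):
        kind = next((k for k, rx in PROBE_PATTERNS.items() if rx.search(msg)), None)
        if kind:
            probes.append((when, pid, kind))
            continue
        m = ACCEPT_RE.search(msg)
        if m and any(timedelta(0) <= when - p[0] <= window for p in probes):
            flagged.append({"time": when, "pid": pid, "user": m.group(2),
                            "src": m.group(3), "port": int(m.group(4))})
    return probes, flagged

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG)[1]:
        print("review login:", hit)
```

A flagged login is only a prompt to review that session; the time correlation alone does not show that the login came from the probing host or that the probe succeeded.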