On Mon, 14 Jan 2002, san_tsu2000 wrote:
> Please ignore my last message.
> Going over the logs brought up MULTIPLE lines in the form of:
> Jan 13 11:24:09 source sshd: Did not receive ident string from
$ whois 188.8.131.52
inetnum: 184.108.40.206 - 220.127.116.11
descr: Christian Stiller, Koeln
status: ASSIGNED PA
Looks like an address that is assigned to some German company.
> Jan 13 11:30:05 source sshd: Disconnecting: crc32 compensation
> attack: network attack detected
> Jan 13 11:31:14 source sshd: Disconnecting: Corrupted check
> bytes on input.
> Jan 13 11:42:47 source sshd: Accepted password for amir from
> 18.104.22.168 port 1433
What version of sshd do you use?
(This is not a secret to anybody who knows the IP of your computer. Simply
telnet to port 22 of your computer to get this version number).
I'm not sure that this is it, but there is a root exploit for a relatively
old sshd hole (was fixed almost a year ago) that is now floating around
There were some more recent updates to sshd. See your distro's ssh
Tzafrir Cohen /"\
\ / ASCII Ribbon Campaign
Taub 229, 972-4-829-3942, X Against HTML Mail
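
Added example, not part of the original message: a log check for the pattern quoted in this thread, an accepted sshd login that follows a burst of "ident string" / "crc32 compensation attack" / "Corrupted check bytes" messages. The function name, the 30-minute window, the threshold of two anomalies and the sample addresses are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Syslog prefix as quoted in the thread; an optional [pid] is also accepted.
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sshd(?:\[\d+\])?:\s+(.*)$")
NO_IDENT = re.compile(r"^Did not receive ident string from (\S+)")
ACCEPTED = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port (\d+)")
# Messages from the thread that indicate malformed or hostile SSH traffic.
ANOMALIES = ("Did not receive ident string", "crc32 compensation attack",
             "Corrupted check bytes")

def suspicious_logins(lines, year, window=timedelta(minutes=30), min_anomalies=2):
    """Return accepted logins preceded by >= min_anomalies anomalies within window."""
    anomaly_times, no_ident_sources, findings = [], set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if any(a in msg for a in ANOMALIES):
            anomaly_times.append(ts)
            src = NO_IDENT.match(msg)
            if src:
                no_ident_sources.add(src.group(1))
            continue
        acc = ACCEPTED.match(msg)
        if acc:
            recent = [t for t in anomaly_times if timedelta(0) <= ts - t <= window]
            if len(recent) >= min_anomalies:
                findings.append({"time": ts, "user": acc.group(2),
                                 "source": acc.group(3), "anomalies": len(recent),
                                 "source_seen_probing": acc.group(3) in no_ident_sources})
    return findings

# Constructed sample: message texts follow the thread, addresses are
# documentation-range placeholders, and the last line is an unrelated login.
SAMPLE = """\
Jan 13 11:24:09 source sshd: Did not receive ident string from 192.0.2.10
Jan 13 11:30:05 source sshd: Disconnecting: crc32 compensation attack: network attack detected
Jan 13 11:31:14 source sshd: Disconnecting: Corrupted check bytes on input.
Jan 13 11:42:47 source sshd: Accepted password for amir from 192.0.2.10 port 1433
Jan 13 15:02:11 source sshd: Accepted password for dana from 192.0.2.77 port 40112
""".splitlines()

if __name__ == "__main__":
    for finding in suspicious_logins(SAMPLE, year=2002):
        print(finding)
```

A hit means the login deserves a closer look (sshd version, account activity), not that a compromise is confirmed.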