
Re: [cobalt-users] crc32 compensation attack + SSH



>> The following have begun to appear on my Logcheck reports
>> 
>> 
>> Jul 23 23:15:20 coferaq sshd[23117]: fatal: Local:   attack: network attack
>> detected
>> Jul 23 23:15:22 coferaq sshd[23118]: debug: Installing crc compensation
>> attack detector.

If you have an OpenSSH version above 2.3.0 I don't think you're vulnerable.

http://www.securiteam.com/securitynews/5LP042K3FY.html

You should be using SSH Protocol 2 only anyway.

> I now can't get through with SSH
> 
> I get
> 
> Unsupported protocol version: SSH-1.5-OpenSSH_3.1p1
> 
> Haven't had a problem before
> 
> Any ideas what all this means

What version of SSH do you have on the machine? Is that 3.1p1 version above
correct? You should have version OpenSSH 3.4p1-4 installed because of some
exploits in version 3.1p1.

Can you see where the attacks are coming from? Route them out or add them to
your IPCHAINS.

HTH,
j
-- 
http://www.bizmanuals.com