I just picked the following off my ESbeta2 a few minutes ago. It claims a "crc32 compensation attack" was made against it. It went on for about 1/2 hour. Is it significant that the source port changes with every connection attempt? I have sshd set up to receive connections from two external IPs (EXTERN_TCP_PORTS="0/0_ssh <2 locations>" and hosts.allow is ALL:192.168.1.0/255.255.255.0,<2 locations>) and this isn't one of them. Are there any extra steps I should take to protect my internal home network? -John
Jan 27 17:33:18 firewall sshd[19039]: log: Connection from 203.231.234.1 port 3894 Jan 27 17:33:19 firewall sshd[19040]: log: Connection from 203.231.234.1 port 4143 Jan 27 17:33:22 firewall sshd[19040]: log: Could not reverse map address 203.231.234.1. Jan 27 17:33:22 firewall sshd[19039]: log: Could not reverse map address 203.231.234.1. Jan 27 17:33:23 firewall sshd[19040]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version. Jan 27 17:33:23 firewall sshd[19041]: log: Connection from 203.231.234.1 port 4144 Jan 27 17:33:23 firewall sshd[19041]: log: Could not reverse map address 203.231.234.1. . . Jan 27 17:33:49 firewall sshd[19054]: fatal: Local: Corrupted check bytes on input. Jan 27 17:33:50 firewall sshd[19055]: log: Connection from 203.231.234.1 port 4147 Jan 27 17:33:50 firewall sshd[19055]: log: Could not reverse map address 203.231.234.1. . . . Jan 27 17:37:50 firewall sshd[19126]: fatal: Local: crc32 compensation attack: network attack detected Jan 27 17:37:51 firewall sshd[19127]: log: Connection from 203.231.234.1 port 4182 Jan 27 17:37:51 firewall sshd[19127]: log: Could not reverse map address 203.231.234.1. . . . Jan 27 17:39:18 firewall sshd[19158]: fatal: Local: crc32 compensation attack: network attack detected Jan 27 17:39:19 firewall sshd[19159]: log: Connection from 203.231.234.1 port 4188 Jan 27 17:39:19 firewall sshd[19159]: log: Could not reverse map address 203.231.234.1. . . . Jan 27 17:57:09 firewall sshd[19582]: log: Connection from 203.231.234.1 port 4384 Jan 27 17:57:09 firewall sshd[19582]: log: Could not reverse map address 203.231.234.1. Jan 27 17:57:11 firewall sshd[19582]: fatal: Connection closed by remote host. __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
