Date: Thu, 29 Nov 2001 20:56:33 +0100 From: Emre Bastuz <info@emre.de> To: security@FreeBSD.ORG Subject: sshd: rcvd big packet ? Message-ID: <3C0692F1.2040904@emre.de>
next in thread | raw e-mail | index | archive | help
Hi, I just noticed a lot of messages in /var/log/messages that look like this: Nov 26 15:28:17 myhost sshd[19978]: channel 1: rcvd big packet 31535, maxpack 16384 After doing some research on google, I found out that this is some kind of indicator for the sshd crc32 attack. Anyone can confirm this ? Just a couple of days ago I have updated sshd to 3.0, just as a precaution. How are chances my box has been compromised ? I´m running snort 1.8.1 on this box - the IDS did not leave any attack alerts ? Hmmmm ... I´ll do some investigating and hope one of you guys can give me some hint what the messages might mean. Regards, Emre -- Emre Bastuz info@emre.de http://www.emre.de UIN: 561260 PGP Key ID: 0xAFAC77FD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C0692F1.2040904>