Hello, Last night some interesting logs came to my inbox from a clients firewall box.
Nov 21 23:20:05 <system name> sshd[11534]: Disconnecting: crc32 compensation attack: network attack detected This went on for a period of time until I went into the box retrieved the ip address of the person and threw them into /etc/hosts.deny. Then about 30-60 mins later another of client that's not even related to this box was probed. Any input/thoughts on this? BTW I do know what type of attack it is and I do know that my clients firewall boxes have the latest security patches so nothing nasty happened, just some lag from this <stuff missing>.lax-ca.dsl.cnc.net place. This person who started the attack is running redhat 6.1 Linux and Friday I'm going to contact the isp to get the identity then call my clients and inform them of the attempted attack. Ed
