From owner-freebsd-security Fri Mar 8 6:37:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from citi.umich.edu (citi.umich.edu [141.211.92.141]) by hub.freebsd.org (Postfix) with ESMTP id 1E26537B405 for ; Fri, 8 Mar 2002 06:37:52 -0800 (PST) Received: by citi.umich.edu (Postfix, from userid 104123) id 4394F207C1; Fri, 8 Mar 2002 09:37:47 -0500 (EST) Date: Fri, 8 Mar 2002 09:37:47 -0500 From: Niels Provos To: krzysztof Strzelczyk Cc: freebsd-security@freebsd.org Subject: Re: suspicious ssh logs Message-ID: <20020308143746.GY10142@citi.citi.umich.edu> Mail-Followup-To: krzysztof Strzelczyk , freebsd-security@freebsd.org References: <20020308040130.88177.qmail@web14803.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020308040130.88177.qmail@web14803.mail.yahoo.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 07, 2002 at 08:01:30PM -0800, krzysztof Strzelczyk wrote: > Mar 7 17:58:10 server sshd[8783]: fatal: Local: > Corrupted check bytes on input. > Mar 7 17:58:21 server sshd[8786]: fatal: Local: > Corrupted check bytes on input. > Mar 7 17:58:36 server sshd[8791]: fatal: Local: > Corrupted check bytes on input. > Mar 7 17:58:51 server sshd[8798]: fatal: Local: > Corrupted check bytes on input. The logs indicates that somebody is trying to exploit the crc32 deattach problem that has been fixed in OpenSSH in November 2000, IIRC. Niels. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message