From owner-freebsd-security  Sat Dec  8  9:39: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mx04.nexgo.de (mx04.nexgo.de [151.189.8.80])
	by hub.freebsd.org (Postfix) with ESMTP id 29EB437B405
	for <freebsd-security@freebsd.org>; Sat,  8 Dec 2001 09:39:01 -0800 (PST)
Received: from localhost (dsl-213-023-062-252.arcor-ip.net [213.23.62.252])
	by mx04.nexgo.de (Postfix) with ESMTP
	id C398C37BA7; Sat,  8 Dec 2001 18:38:55 +0100 (CET)
Received: by localhost (Postfix, from userid 31451)
	id 4D09743CF; Sat,  8 Dec 2001 18:38:45 +0100 (CET)
Date: Sat, 8 Dec 2001 18:38:44 +0100
From: Markus Friedl <markus@openbsd.org>
To: Emre Bastuz <info@emre.de>
Cc: freebsd-security@freebsd.org
Subject: Re: sshd: rcvd big packet ?
Message-ID: <20011208183844.A4218@folly>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> I just noticed a lot of messages in /var/log/messages
> that look like this:
> Nov 26 15:28:17 myhost sshd[19978]: channel 1: rcvd big packet 31535, maxpack 16384
> 
> After doing some research on google, I found out that this is some kind
> of indicator for the sshd crc32 attack.

no. not at all. it's an indicator for a broken ssh client.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message