sshd log - asking for an explanation

Petr Hruzík petr.hruzik at sots.cz
Fri Jan 18 07:05:15 CET 2002


Hello,

could someone please advise me how to proceed when I find something as
monstrous as this in the log?
I have never dealt with this before, so I don't know how to interpret it.
Does "Could not reverse map" mean that the user does not have reverse
records configured correctly, or that someone is trying to pose as a machine
with a different IP address - can that be determined somehow?

I read on this list about problems with some older versions of SSH.
Is it sufficient to use a newer version, or can some other measures be
taken as well?
Is it worth contacting the administrator of the machine at that IP address?
- 195.34.162.3 -
In general, I would like to know how to proceed in the event of an attack.

Regards,
Petr Hruzik


Jan 13 21:27:03 bazen sshd[10022]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:27:18 bazen sshd[10022]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:27:19 bazen sshd[10023]: connect from 195.34.162.3
Jan 13 21:27:19 bazen sshd[10023]: log: Connection from 195.34.162.3 port
4550
Jan 13 21:27:19 bazen sshd[10023]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:27:35 bazen sshd[10024]: connect from 195.34.162.3
Jan 13 21:27:35 bazen sshd[10024]: log: Connection from 195.34.162.3 port
4551
Jan 13 21:27:35 bazen sshd[10024]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:27:50 bazen sshd[10024]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:27:51 bazen sshd[10025]: connect from 195.34.162.3
Jan 13 21:27:51 bazen sshd[10025]: log: Connection from 195.34.162.3 port
4552
Jan 13 21:27:51 bazen sshd[10025]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:28:06 bazen sshd[10025]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:28:06 bazen sshd[10026]: connect from 195.34.162.3
Jan 13 21:28:06 bazen sshd[10026]: log: Connection from 195.34.162.3 port
4553
Jan 13 21:28:06 bazen sshd[10026]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:28:22 bazen sshd[10027]: connect from 195.34.162.3
Jan 13 21:28:22 bazen sshd[10027]: log: Connection from 195.34.162.3 port
4554
Jan 13 21:28:22 bazen sshd[10027]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:28:38 bazen sshd[10028]: connect from 195.34.162.3
Jan 13 21:28:38 bazen sshd[10028]: log: Connection from 195.34.162.3 port
4555
Jan 13 21:28:38 bazen sshd[10028]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:28:53 bazen sshd[10029]: connect from 195.34.162.3
Jan 13 21:28:53 bazen sshd[10029]: log: Connection from 195.34.162.3 port
4556
Jan 13 21:28:53 bazen sshd[10029]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:09 bazen sshd[10029]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:29:09 bazen sshd[10030]: connect from 195.34.162.3
Jan 13 21:29:09 bazen sshd[10030]: log: Connection from 195.34.162.3 port
4557
Jan 13 21:29:09 bazen sshd[10030]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:24 bazen sshd[10031]: connect from 195.34.162.3
Jan 13 21:29:24 bazen sshd[10031]: log: Connection from 195.34.162.3 port
4558
Jan 13 21:29:24 bazen sshd[10031]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:31 bazen sshd[10032]: connect from 195.34.162.3
Jan 13 21:29:31 bazen sshd[10032]: log: Connection from 195.34.162.3 port
4559
Jan 13 21:29:31 bazen sshd[10032]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:39 bazen sshd[10033]: connect from 195.34.162.3
Jan 13 21:29:39 bazen sshd[10033]: log: Connection from 195.34.162.3 port
4560
Jan 13 21:29:39 bazen sshd[10033]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:46 bazen sshd[10034]: connect from 195.34.162.3
Jan 13 21:29:46 bazen sshd[10034]: log: Connection from 195.34.162.3 port
4561
Jan 13 21:29:46 bazen sshd[10034]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:52 bazen sshd[10035]: connect from 195.34.162.3
Jan 13 21:29:52 bazen sshd[10035]: log: Connection from 195.34.162.3 port
4562
Jan 13 21:29:52 bazen sshd[10035]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:29:59 bazen sshd[10035]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:29:59 bazen sshd[10036]: connect from 195.34.162.3
Jan 13 21:29:59 bazen sshd[10036]: log: Connection from 195.34.162.3 port
4563
Jan 13 21:29:59 bazen sshd[10036]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:30:05 bazen sshd[10036]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:30:05 bazen sshd[10039]: connect from 195.34.162.3
Jan 13 21:30:05 bazen sshd[10039]: log: Connection from 195.34.162.3 port
4564
Jan 13 21:30:05 bazen sshd[10039]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:30:15 bazen sshd[10040]: connect from 195.34.162.3
Jan 13 21:30:15 bazen sshd[10040]: log: Connection from 195.34.162.3 port
4565
Jan 13 21:30:15 bazen sshd[10040]: log: Could not reverse map address
195.34.162.3.
Jan 13 21:30:22 bazen sshd[10041]: connect from 195.34.162.3
Jan 13 21:30:22 bazen sshd[10041]: log: Connection from 195.34.162.3 port
4566
Jan 13 21:30:22 bazen sshd[10041]: log: Could not reverse map address
195.34.162.3.
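
A triage sketch for a log like the one above, added here as an example and not part of the original post: the "crc32 compensation attack" fatal line carries no address, so it is tied back to the peer through the sshd child PID, and the mail-wrapped lines are rejoined first. The names `unwrap` and `summarize` are hypothetical, and the sample log is constructed (documentation addresses, made-up host name).

```python
import re
from collections import defaultdict

# Constructed sample in the same sshd syslog layout as the post (including the
# mail client's line wrapping); host name and 192.0.2.x addresses are made up.
SAMPLE = """\
Jan 13 21:27:19 host sshd[101]: log: Connection from 192.0.2.10 port
4550
Jan 13 21:27:19 host sshd[101]: log: Could not reverse map address
192.0.2.10.
Jan 13 21:27:34 host sshd[101]: fatal: Local: crc32 compensation attack:
network attack detected
Jan 13 21:27:35 host sshd[102]: log: Connection from 192.0.2.10 port
4551
Jan 13 21:27:50 host sshd[103]: log: Connection from 192.0.2.77 port 2201
"""

ENTRY = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
KINDS = {"Connection from": "connections", "Could not reverse map": "no_ptr",
         "crc32 compensation attack": "crc32_aborts"}

def unwrap(text):
    """Rejoin entries whose tail was wrapped onto the following line."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per source IP: connections, failed reverse lookups, CRC32 detector aborts."""
    pid_ip = {}  # sshd child PID -> peer address (PIDs can be reused in long logs)
    stats = defaultdict(lambda: dict.fromkeys(KINDS.values(), 0))
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        pid, msg = m.groups()
        ip = IPV4.search(msg)
        if ip:
            pid_ip[pid] = ip.group()
        peer = pid_ip.get(pid)
        for needle, key in KINDS.items():
            if peer and needle in msg:
                stats[peer][key] += 1
    return dict(stats)
```

Calling `summarize()` on the text of a real log file returns one counter dictionary per source address, which makes a single host opening many short-lived connections stand out.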



