Vulnerability Development mailing list archives
Re: Possible OpenSSH DoS Attack
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Tue, 11 Dec 2001 12:41:12 -0500 (EST)
On Tue, 11 Dec 2001, Robert van der Meulen wrote:
> Do you get this problem both when running sshd from inetd and standalone?
the resource exhaustion attacks occur both standalone and from some 'super server', i.e. inetd.
> Opening up a big number of connections to the server starves out the number of available sockets, disallowing new connects. I can't think of an easy way to solve this, without using an external measure (such as a combination of --limit and --limit-burst iptables rules on linux).
alternatively you can use xinetd, which has a maximum connections directive, and also a "max from any one IP" directive. both of those help stave off resource exhaustion attacks by ssh.

http://security-archive.merton.ox.ac.uk/bugtraq-199909/0207.html

openssh committed a fix for this before we even noted it widely, and a friend even fixed a SIGCHLD problem (craig copi, see ChangeLog in OpenSSH-portable) way back in 1999. i don't think Ssh.com ever did a fix for SSH1 daemons, citing it was deprecated ....

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
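The two external measures named in this exchange, xinetd's per-service connection caps and iptables' limit match, written out as a worked example. This is an added illustration, not a configuration posted in the thread; the service name, paths and the numeric limits (50 instances, 5 per source, 10 new connections per minute with a burst of 20) are constructed starting points, and the iptables rules are printed rather than applied so the script can be run without privileges.

```shell
#!/bin/sh
# Added example (not from the thread): bounding inbound ssh connection load
# with the two mechanisms the reply mentions. All numbers are constructed
# starting points; tune them to the host's real capacity.

# Write an xinetd service stanza for sshd run in inetd mode (sshd -i).
#   instances   caps concurrent sshd children for the whole service
#   per_source  caps concurrent connections from any single client address
# Path and limits are assumptions for this example.
write_sshd_xinetd_stanza() {
    out="$1"
    cat > "$out" <<'EOF'
service ssh
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/sbin/sshd
    server_args     = -i
    instances       = 50
    per_source      = 5
    log_on_failure += HOST
}
EOF
}

# Print (do not apply) iptables rules that accept new ssh connections only at
# a bounded average rate with a burst allowance and drop the rest. Matching on
# --syn keeps the limit on connection attempts, not on established traffic.
# Run the printed lines as root to install them.
print_ssh_ratelimit_rules() {
    echo 'iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 10/minute --limit-burst 20 -j ACCEPT'
    echo 'iptables -A INPUT -p tcp --dport 22 --syn -j DROP'
}

# Stand-alone usage: write the stanza to a temp file and show the rules.
if [ "${1:-}" = "demo" ]; then
    tmpfile=$(mktemp)
    write_sshd_xinetd_stanza "$tmpfile"
    echo "xinetd stanza written to $tmpfile"
    print_ssh_ratelimit_rules
fi
```

The xinetd stanza handles the per-client case the reply describes, while the iptables pair handles the aggregate SYN rate; a flood from many addresses that stays under `per_source` is caught by the rate limit, and a single chatty address that stays under the rate limit is caught by `per_source`. Note that a client trickling connections slower than the limit still consumes slots up to `instances`, so watch `log_on_failure` output for refused connections when tuning.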
Current thread:
- Possible OpenSSH DoS Attack Pedro Inacio (Dec 10)
- Re: Possible OpenSSH DoS Attack Josha Bronson (Dec 10)
- Re: Possible OpenSSH DoS Attack Robert van der Meulen (Dec 11)
- Re: Possible OpenSSH DoS Attack Jose Nazario (Dec 11)
- Re: Possible OpenSSH DoS Attack Markus Friedl (Dec 11)