Vulnerability Development mailing list archives
Radware Linkproof: SSH port DoS
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 27 Jun 2003 09:03:53 +0200
While doing an external pen-test I have found that Radware Linkproof boxes with port 22 open ("SSH-2.0-1.0 Radware SSH") do not allow 2 simultaneous connections to that port. If I open one connection ("ssh whatever@<ip>") and let the daemon wait for the password (10 minutes no problem) then I cannot make another connection to port 22 on this box even from a different source IP ("Connection closed by server: Server reached maximum number of simultaneous connections") until I explicitly close the first connection -- which means that I can easily DoS that service.

Can somebody with better knowledge of these devices tell me if this is the default behaviour or some clueless configuration (except the obvious one that this service is wide open to the Internet)?

Radware contacted 19.6. 2003. No response yet.

--
Martin Mačok http://underground.cz/
martin.macok () underground cz http://Xtrmntr.org/ORBman/
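One way to spot the condition described in the post from connection records, as an added example that is not part of the original message: it flags a session that holds the only SSH slot without authenticating and lists the sources turned away in the meantime. The event format, the `find_slot_holds` name and the 60-second grace period are assumptions.

```python
from datetime import datetime, timedelta

# Constructed events in a hypothetical "timestamp source event" format;
# this is not a Radware log format. Events: connect, auth_ok, rejected, close.
SAMPLE_LOG = """\
2003-06-27T09:00:00 198.51.100.7 connect
2003-06-27T09:00:05 203.0.113.20 rejected
2003-06-27T09:04:10 203.0.113.21 rejected
2003-06-27T09:10:00 198.51.100.7 close
2003-06-27T09:11:00 203.0.113.20 connect
2003-06-27T09:11:04 203.0.113.20 auth_ok
2003-06-27T09:30:00 203.0.113.20 close
"""

def find_slot_holds(log_text, grace=timedelta(seconds=60)):
    """Flag sessions that stayed unauthenticated longer than `grace`.

    Assumes one connection slot, as the post describes, so every 'rejected'
    event seen before the holder authenticates or closes is attributed to it.
    """
    findings, holder, last_ts = [], None, None

    def check(end):
        held = end - holder["start"]
        if held > grace:
            findings.append({"src": holder["src"],
                             "held_seconds": int(held.total_seconds()),
                             "rejected": holder["rejected"]})

    for line in filter(str.strip, log_text.splitlines()):
        stamp, src, event = line.split()
        last_ts = datetime.fromisoformat(stamp)
        if event == "connect":
            holder = {"src": src, "start": last_ts, "rejected": []}
        elif holder is None:
            continue  # slot is free or held by an authenticated session
        elif event == "rejected":
            holder["rejected"].append(src)
        elif event in ("auth_ok", "close") and src == holder["src"]:
            check(last_ts)  # the pre-auth phase ended at this event
            holder = None
    if holder is not None:  # still unauthenticated when the log ends
        check(last_ts)
    return findings

if __name__ == "__main__":
    for finding in find_slot_holds(SAMPLE_LOG):
        print(finding)
```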