Vulnerability Development mailing list archives

Re: OpenSSH 4.X DoS (maybe...)


From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Fri, 29 Feb 2008 20:01:24 +0300

Tue, Feb 26, 2008 at 10:13:50PM -0000, sipherr () gmail com wrote:
OpenSSH 4.X deny remote connections.

The service itself doesn't crash, but it does NOT allow anyone
to connect after 10 or so pending connections.

Because the default value for MaxStartups is 10.  This is documented
in the sshd_config manual page.  To overcome this, the simplest
thing is to enable random early drop.  More sophisticated preventive
methods will track source IPs and disable them at the firewall
level.  If your DoS is distributed, then even more sophisticated
methods should be applied.  As usual...
-- 
Eygene
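The behaviour Eygene describes (a hard stop once the pending-connection count reaches the MaxStartups default of 10, versus random early drop with the start:rate:full form) can be checked with a small script. This is an added example, not code from the original thread or from OpenSSH itself: it parses a MaxStartups directive out of a constructed sshd_config fragment and computes the drop probability the same way sshd's drop_connection() does (that integer arithmetic is reproduced from my reading of the OpenSSH source, not from anything on this page). The two config fragments and the "pending" counts below are constructed sample inputs.

```python
import random
import re

# Constructed sshd_config fragments (sample input, not from the original post).
# OpenSSH 4.x shipped with the directive commented out; the documented default is 10.
DEFAULT_CONFIG = """
Port 22
#MaxStartups 10
"""

# start:rate:full form: begin dropping 30% of new unauthenticated connections
# once 10 are pending, rising linearly to 100% at 100 pending.
HARDENED_CONFIG = """
Port 22
MaxStartups 10:30:100
"""


def parse_max_startups(config_text, default="10"):
    """Return (begin, rate, full) from the first MaxStartups directive.

    sshd accepts either a single number N, which behaves as N:100:N (a hard
    cap with no early drop), or start:rate:full. Commented lines are ignored
    and the documented default of 10 applies when the directive is absent.
    """
    value = default
    for line in config_text.splitlines():
        m = re.match(r"^\s*MaxStartups\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1)
            break  # sshd honours the first occurrence of a directive
    parts = value.split(":")
    if len(parts) == 1:
        begin = full = int(parts[0])
        rate = 100
    elif len(parts) == 3:
        begin, rate, full = (int(p) for p in parts)
    else:
        raise ValueError("bad MaxStartups value: %r" % value)
    # Same sanity rules sshd applies when reading the directive.
    if begin < 1 or full < begin or not 1 <= rate <= 100:
        raise ValueError("bad MaxStartups value: %r" % value)
    return begin, rate, full


def drop_probability(pending, begin, rate, full):
    """Percentage chance that sshd refuses a new connection.

    Mirrors sshd's integer arithmetic: no drops below `begin`, certain drop at
    or above `full`, and a linear ramp from `rate` percent in between.
    """
    if pending < begin:
        return 0
    if pending >= full or rate == 100:
        return 100
    p = 100 - rate
    p *= pending - begin
    p //= full - begin
    p += rate
    return p


def should_drop(pending, params, rng=None):
    """Simulate one accept decision for a given number of pending connections."""
    rng = rng or random.Random()
    begin, rate, full = params
    return rng.randrange(100) < drop_probability(pending, begin, rate, full)


def drop_table(config_text, samples=(5, 10, 25, 55, 100)):
    """Map sample pending-connection counts to drop percentages for a config."""
    params = parse_max_startups(config_text)
    return {n: drop_probability(n, *params) for n in samples}


if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, parse_max_startups(cfg), drop_table(cfg))
```

With the default, every pending count below 10 is accepted and everything from 10 upward is refused outright, which is exactly the "nobody can connect after 10 or so pending connections" symptom. With 10:30:100 the daemon sheds load gradually instead, so legitimate users still get through with high probability while the pending count is modest; later OpenSSH releases adopted 10:30:100 as the shipped default. This only addresses the single-source case the reply talks about; source-IP tracking at the firewall is a separate control and is not modelled here.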

