Vulnerability Development mailing list archives
Re: OpenSSH 4.X DoS (maybe...)
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Fri, 29 Feb 2008 20:01:24 +0300
Tue, Feb 26, 2008 at 10:13:50PM -0000, sipherr () gmail com wrote:
OpenSSH 4.X denies remote connections. The service itself doesn't crash, but it does NOT allow anyone to connect after 10 or so pending connections.
Because the default value for MaxStartups is 10. This is documented in the sshd_config manual page. To overcome this, the simplest thing is to enable random early drop. More sophisticated preventive methods will track source IPs and disable them at the firewall level. If your DoS is distributed, then even more sophisticated methods should be applied. As usual...
--
Eygene
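Added example, not part of the original message: a small model of the MaxStartups `start:rate:full` form from the sshd_config manual page, showing why a bare `10` is a hard cutoff while random early drop refuses connections gradually. The function names and the sample value `10:30:60` are chosen for this illustration, and the integer linear interpolation is this example's reading of the manual's "increases linearly".

```python
# Added illustration: models the documented MaxStartups semantics; not sshd code.

def parse_max_startups(value):
    """Return (start, rate, full) for a MaxStartups value like '10' or '10:30:60'."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        n = int(parts[0])
        # A single number is a hard limit: nothing is dropped below n,
        # every unauthenticated connection is refused once n are pending.
        return n, 100, n
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full")
    start, rate, full = (int(p) for p in parts)
    if not (0 < start <= full) or not (1 <= rate <= 100):
        raise ValueError("need 0 < start <= full and 1 <= rate <= 100")
    return start, rate, full


def refuse_percent(unauth, start, rate, full):
    """Percent chance a new connection is refused with `unauth` pending logins."""
    if unauth < start:
        return 0
    if unauth >= full or rate == 100:
        return 100
    # Grows linearly from `rate` at `start` up to 100 at `full`.
    return rate + (100 - rate) * (unauth - start) // (full - start)


def profile(value, pending_counts):
    """Map each pending-connection count to its refusal percentage."""
    start, rate, full = parse_max_startups(value)
    return {n: refuse_percent(n, start, rate, full) for n in pending_counts}


if __name__ == "__main__":
    counts = [5, 9, 10, 20, 35, 59, 60]
    # '10' is the default discussed in the thread; '10:30:60' is a sample value.
    for setting in ("10", "10:30:60"):
        print("MaxStartups", setting, profile(setting, counts))
```

With random early drop a legitimate client retrying during a flood still has a chance of getting a slot until `full` is reached, which is the difference from the hard limit at 10.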