Bugtraq mailing list archives
Re: Possible Denial of Service: SSH
From: sven () susie sparta lu se (Sven Gestegard)
Date: Wed, 18 Dec 1996 23:01:59 +0100
On Wed, 18 Dec 1996, Toomas Soome wrote:
On Tue, 17 Dec 1996, Sean B. Hamor wrote:
[ snip, snip ]
there is mutch simpler way to block sshd - just force sshd to ask password in login time, now create connection and let ssh to wait for password.... no one can login with ssh (with or without password) during this wait time.... tested with 1.2.17
Can anyone confirm this?
I wasn't able to reproduce this on either 1.2.14 or 1.2.17.
I ssh'ed to a host and left that session at the password prompt, and
after that I was still able to ssh into that box, both from localhost and
from a remote host. A quick ps reveals that a new sshd gets spawned for
every connection. Have I missed something?
/
/ Sven
--
| Sven GestegÄrd | sven () df lth se |
| Studying Computer Science & Technology | d95sge () efd lth se |
| at Lund Institute of Technology, Sweden | http://www.efd.lth.se/~d95sge |
| Finger for public PGP key and geek code | Phone: +46-(0)46-39 51 32 |
Current thread:
- Possible Denial of Service: SSH Sean B. Hamor (Dec 17)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Toomas Soome (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Sven Gestegard (Dec 18)
- Exploit for ppp bug (FreeBSD 2.1.0). Leshka Zakharoff (Dec 18)
- CIAC Bulletin H-17: cron/crontab Buffer Overrun Vulnerabilities David Crawford (Dec 19)
- NT vulnerable to attack on CPU Aleph One (Dec 19)
- CERT/AUCERT Mycroft (Dec 19)
- Re: CERT/AUCERT itudps (Dec 19)
- Re: CERT/AUCERT Aleph One (Dec 19)
- Re: CERT/AUCERT Theo de Raadt (Dec 19)
- Slow vendor response Alan Cox (Dec 20)
- CERT Bashing, etc Aleph One (Dec 19)
- Re: CERT/AUCERT Yuri Volobuev (Dec 19)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)