Full Disclosure mailing list archives
Possible DOS issue in OpenSSH ssh client
From: Espen Grøndahl <espen () espen mine nu>
Date: Tue, 13 Jun 2006 14:54:51 +0200
During some testing I found a possible bug/issue with OpenSSH ssh client.

    MachineA # cat < /dev/zero | nc -l -p 3000
    MachineB# ssh someone@MachineA -p 3000

I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1 and Solaris 9.

This consumes 50-100% of available CPU time on MachineB (depending on the bandwidth between them). This could be used in a denial of service attack or could be used to stop (or at least annoy) ssh bruteforcers :-) But of course it would also consume my upstream bandwidth.

Espen
http://espen.mine.nu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
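For tooling that connects to SSH ports on hosts it does not control, a bounded banner read keeps a peer that streams bytes without ever sending an identification line from tying up the client. This is an added example, not part of the original post and not OpenSSH code; the 255-byte line limit comes from RFC 4253 section 4.2, while the preamble-line cap, the deadline and the function names are assumptions chosen for illustration.

```python
import socket
import time

MAX_ID_LINE = 255        # RFC 4253 s4.2: max identification line, CR LF included
MAX_PREAMBLE_LINES = 32  # assumed cap on lines sent before the "SSH-" line
DEADLINE_SECONDS = 5.0   # assumed wall-clock budget for the whole banner read

class BannerError(Exception):
    """Peer did not deliver a well-formed SSH identification line in budget."""

def read_ssh_banner(sock, deadline=DEADLINE_SECONDS):
    """Return the peer's 'SSH-...' line, or raise BannerError.

    Bytes received after the banner are discarded: this is a pre-flight
    probe, not the start of a real SSH session.
    """
    end = time.monotonic() + deadline
    buf, skipped = b"", 0
    while True:
        remaining = end - time.monotonic()
        if remaining <= 0:
            raise BannerError("deadline exceeded")
        sock.settimeout(remaining)
        try:
            chunk = sock.recv(1024)
        except socket.timeout:
            raise BannerError("deadline exceeded") from None
        if not chunk:
            raise BannerError("connection closed before banner")
        buf += chunk
        while buf:
            line, sep, rest = buf.partition(b"\n")
            if len(line) + len(sep) > MAX_ID_LINE:
                raise BannerError("line exceeds 255 bytes")  # the /dev/zero case
            if not sep:
                break  # incomplete line, still within the limit: read more
            if line.startswith(b"SSH-"):
                return line.rstrip(b"\r").decode("ascii", "replace")
            skipped += 1
            if skipped > MAX_PREAMBLE_LINES:
                raise BannerError("too many lines before banner")
            buf = rest

def probe(payload):
    """Feed constructed bytes through a local socket pair (no network needed)."""
    a, b = socket.socketpair()
    with a, b:
        a.sendall(payload)
        try:
            return read_ssh_banner(b, deadline=1.0)
        except BannerError as exc:
            return "rejected: %s" % exc
```

`probe()` takes constructed input only: a run of zero bytes stands in for the `/dev/zero` stream from the post, and a short greeting followed by an `SSH-2.0-` line stands in for a normal server.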