Vulnerability Development mailing list archives

Re: Possible OpenSSH DoS Attack

From: Robert van der Meulen <rvdm () wiretrip org>
Date: Tue, 11 Dec 2001 03:42:23 +0100

Hi,

Quoting Pedro Inacio (drbrain () phibernet org):

It seems to be a known problem (
http://www.snailbook.com/faq/libwrap-oops.auto.html ), but until now there
is no patch available and this problem is present in all OpenSSH versions.

Do you get this problem both when running sshd from inetd and standalone?

Opening up a big number of connections to the server starves out the number
of available sockets, disallowing new connects. I can't think of an easy way
to solve this, without using an external measure (such as a combination of
--limit and --limit-burst iptables rules on linux).

Greets,
        Robert
-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
            Insanity is hereditary.  You get it from your kids.

Current thread:

Possible OpenSSH DoS Attack Pedro Inacio (Dec 10)
- Re: Possible OpenSSH DoS Attack Josha Bronson (Dec 10)
- Re: Possible OpenSSH DoS Attack Robert van der Meulen (Dec 11)
  - Re: Possible OpenSSH DoS Attack Jose Nazario (Dec 11)
- Re: Possible OpenSSH DoS Attack Markus Friedl (Dec 11)