|
Security Incidents
mailing list archives
Re: Weird SSH attack last night and this morning (still ongoing)
From: Valdis.Kletnieks () vt edu
Date: Fri, 16 May 2008 17:49:07 -0400
On Fri, 16 May 2008 17:19:16 EDT, dxp said:
Correction, one would only need to generate the amount of keys which
would equal the size of maximum PID value on Linux based system
(PID_MAX_DEFAULT). That equals to 32768 (2^15) on 32bit platform or
more precisely on LP32 data model systems.
That would be very nice, except that many of us are on 64-bit platforms
and can set /proc/sys/kernel/pid_max much higher. include/linux/threads.h says:
/*
* This controls the default maximum pid allocated to a process
*/
#define PID_MAX_DEFAULT (CONFIG_BASE_SMALL ? 0x1000 : 0x8000)
/*
* A maximum of 4 million PIDs should be enough for a while.
* [NOTE: PID/TIDs are limited to 2^29 ~= 500+ million, see futex.h.]
*/
#define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : (sizeof(long) > 4 ? 4 * 1024 * 1024 :
PID_MAX_DEFAULT))
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- Re: Weird SSH attack last night and this morning (still ongoing), (continued)
| 
Intro
