<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: OpenSSH 4.X DoS (maybe...)

Re: OpenSSH 4.X DoS (maybe...)

From: Eygene Ryabinkin <rea-sec_at_codelabs.ru>
Date: Fri, 29 Feb 2008 20:01:24 +0300

Tue, Feb 26, 2008 at 10:13:50PM -0000, sipherr_at_gmail.com wrote:
> OpenSSH 4.X deny remote connections.
>
> The service itself doesn't crash, but it does NOT allow anyone
> to connect after 10 or so pending connections.

Because the default value for MaxStartups is 10. This is documented
in the sshd_config manual page. To overcome this, the simplest
thing is to enable random early drop. More sophisticated preventive
methods will track source IPs and disable them at the firewall
level. If your DoS is distributed, then even more sophisticated
methods should be applied. As usual...

-- 
Eygene

Received on Feb 29 2008

This message: [ Message body ]
Next message: sipherr_at_gmail.com: "*BSD user-ppp local root (when conditions permit)"
Previous message: sipherr_at_gmail.com: "OpenSSH 4.X DoS (maybe...)"
In reply to: sipherr_at_gmail.com: "OpenSSH 4.X DoS (maybe...)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos