Vulnerability Development: Re: OpenSSH 4.X DoS (maybe...)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: OpenSSH 4.X DoS (maybe...)

From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Fri, 29 Feb 2008 20:01:24 +0300

Tue, Feb 26, 2008 at 10:13:50PM -0000, sipherr () gmail com wrote:

OpenSSH 4.X deny remote connections.

The service itself doesn't crash, but it does NOT allow anyone
to connect after 10 or so pending connections.


Because the default value for MaxStartups is 10.  This is documented
in the sshd_config manual page.  To overcome this, the simplest
thing is to enable random early drop.  More sophisticated preventive
methods will track source IPs and disable them at the firewall
level.  If your DoS is distributed, then even more sophisticated
methods should be applied.  As usual...
-- 
Eygene

By Date By Thread

Current thread:

OpenSSH 4.X DoS (maybe...) sipherr (Feb 29)
- Re: OpenSSH 4.X DoS (maybe...) Eygene Ryabinkin (Feb 29)