Back to list
OpenSSH 4.X DoS (maybe...)
Feb 26 2008 10:13PM
sipherr gmail com
Re: OpenSSH 4.X DoS (maybe...)
Feb 29 2008 05:01PM
Eygene Ryabinkin (rea-sec codelabs ru)
Tue, Feb 26, 2008 at 10:13:50PM -0000, sipherr (at) gmail (dot) com [email concealed] wrote:
> OpenSSH 4.X deny remote connections.
> The service itself doesn't crash, but it does NOT allow anyone
> to connect after 10 or so pending connections.
Because the default value for MaxStartups is 10. This is documented
in the sshd_config manual page. To overcome this, the simplest
thing is to enable random early drop. More sophisticated preventive
methods will track source IPs and disable them at the firewall
level. If your DoS is distributed, then even more sophisticated
methods should be applied. As usual...
[ reply ]
Copyright 2010, SecurityFocus