Bugtraq mailing list archives
Re: Possible Denial of Service: SSH
From: tsoome () ut ee (Toomas Soome)
Date: Wed, 18 Dec 1996 11:30:42 +0200
On Tue, 17 Dec 1996, Sean B. Hamor wrote:
I believe I may have found a possible denial of service attack for use against SSH. The attack requires an account on the target machine. I found this using the following setup:
lots deleted
It seems that when my Windows 95 laptop establishes a connection to my Linux box via SSH and the PPP connection drops, all processes that were being controlled by the inbound SSH connection get zombied out. If I establish a connection and exit/drop the SSH connection, the Linux box recovers fine. This problem only occurs when the PPP connection drops.
there is mutch simpler way to block sshd - just force sshd to ask password in login time, now create connection and let ssh to wait for password.... no one can login with ssh (with or without password) during this wait time.... tested with 1.2.17 toomas soome -- Redistribution by Microsoft Network is prohibited. PGP public key: http://www.cs.ut.ee/~tsoome/pgp.txt
Current thread:
- Possible Denial of Service: SSH Sean B. Hamor (Dec 17)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Toomas Soome (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Sven Gestegard (Dec 18)
- Exploit for ppp bug (FreeBSD 2.1.0). Leshka Zakharoff (Dec 18)
- CIAC Bulletin H-17: cron/crontab Buffer Overrun Vulnerabilities David Crawford (Dec 19)
- NT vulnerable to attack on CPU Aleph One (Dec 19)
- CERT/AUCERT Mycroft (Dec 19)
- Re: CERT/AUCERT itudps (Dec 19)
- Re: CERT/AUCERT Aleph One (Dec 19)
- Re: CERT/AUCERT Theo de Raadt (Dec 19)
- Slow vendor response Alan Cox (Dec 20)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)