Bugtraq mailing list archives

Re: Possible Denial of Service: SSH

From: tsoome () ut ee (Toomas Soome)
Date: Wed, 18 Dec 1996 11:30:42 +0200


On Tue, 17 Dec 1996, Sean B. Hamor wrote:

I believe I may have found a possible denial of service attack for use
against SSH.  The attack requires an account on the target machine.  I found
this using the following setup:

lots deleted


It seems that when my Windows 95 laptop establishes a connection to my Linux
box via SSH and the PPP connection drops, all processes that were being
controlled by the inbound SSH connection get zombied out.  If I establish a
connection and exit/drop the SSH connection, the Linux box recovers fine.
This problem only occurs when the PPP connection drops.


there is mutch simpler way to block sshd - just force sshd to ask password
in login time, now create connection and let ssh to wait for password....
no one can login with ssh (with or without password) during this wait
time.... tested with 1.2.17

toomas soome
--
 Redistribution by Microsoft Network is prohibited.
 PGP public key: http://www.cs.ut.ee/~tsoome/pgp.txt

Current thread:

Possible Denial of Service: SSH Sean B. Hamor (Dec 17)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)
  - Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Toomas Soome (Dec 18)
  - Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
  - Re: Possible Denial of Service: SSH Sven Gestegard (Dec 18)
  - Exploit for ppp bug (FreeBSD 2.1.0). Leshka Zakharoff (Dec 18)
  - CIAC Bulletin H-17: cron/crontab Buffer Overrun Vulnerabilities David Crawford (Dec 19)
  - NT vulnerable to attack on CPU Aleph One (Dec 19)
  - CERT/AUCERT Mycroft (Dec 19)
    - Re: CERT/AUCERT itudps (Dec 19)
    - Re: CERT/AUCERT Aleph One (Dec 19)
    - Re: CERT/AUCERT Theo de Raadt (Dec 19)
    - Slow vendor response Alan Cox (Dec 20)

(Thread continues...)