Bugtraq mailing list archives
Re: Possible Denial of Service: SSH
From: jimd () starshine org (Jim Dennis)
Date: Wed, 18 Dec 1996 13:41:00 -0800
On Tue, 17 Dec 1996, Sean B. Hamor wrote:I believe I may have found a possible denial of service attack for use against SSH. The attack requires an account on the target machine. I found this using the following setup:
...
there is mutch simpler way to block sshd - just force sshd to ask password in login time, now create connection and let ssh to wait for password.... no one can login with ssh (with or without password) during this wait time.... tested with 1.2.17 toomas soome
Try configuring it to run via inetd with a nowait flag in the /etc/inetd.conf. This will make the initial connection (the latency) much longer but should prevent that problem. Naturally this decision hinges upon your use. For a multi-user shell machine, use inetd.conf. For your personal workstation or one of your servers; where you only need or a few people to access it -- and you have packet filters to prevent DOSA from outside; use a statically loaded sshd. You can also configure sshd to refuse connections from unknown hosts. You could also keep one statically loaded sshd on one port -- and keep an inetd launched one on another port (so you only access the inetd one manually when it appears that you are being victimized). Jim Dennis, Starshine Technical Services
Current thread:
- Possible Denial of Service: SSH Sean B. Hamor (Dec 17)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Toomas Soome (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Sven Gestegard (Dec 18)
- Exploit for ppp bug (FreeBSD 2.1.0). Leshka Zakharoff (Dec 18)
- CIAC Bulletin H-17: cron/crontab Buffer Overrun Vulnerabilities David Crawford (Dec 19)
- NT vulnerable to attack on CPU Aleph One (Dec 19)
- CERT/AUCERT Mycroft (Dec 19)
- Re: CERT/AUCERT itudps (Dec 19)
- Re: CERT/AUCERT Aleph One (Dec 19)
- Re: CERT/AUCERT Theo de Raadt (Dec 19)
- Slow vendor response Alan Cox (Dec 20)
- CERT Bashing, etc Aleph One (Dec 19)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)