Bugtraq mailing list archives

Re: Possible Denial of Service: SSH


From: jimd () starshine org (Jim Dennis)
Date: Wed, 18 Dec 1996 13:41:00 -0800


On Tue, 17 Dec 1996, Sean B. Hamor wrote:

I believe I may have found a possible denial of service attack for use
against SSH.  The attack requires an account on the target machine.  I found
this using the following setup:


...


there is a much simpler way to block sshd - just force sshd to ask for the password
at login time, now create a connection and let ssh wait for the password....
no one can log in with ssh (with or without a password) during this wait
time.... tested with 1.2.17

toomas soome

        Try configuring it to run via inetd with a nowait flag in
        the /etc/inetd.conf.

        This will make the initial connection (the latency) much
        longer but should prevent that problem.


        Naturally this decision hinges upon your use.  For a
        multi-user shell machine, use inetd.conf.  For your personal
        workstation or one of your servers, where only you or a few
        people need to access it -- and you have packet filters
        to prevent DOSA from outside -- use a statically loaded sshd.

        You can also configure sshd to refuse connections from
        unknown hosts.  You could also keep one statically loaded
        sshd on one port -- and keep an inetd launched one on another
        port (so you only access the inetd one manually when it appears
        that you are being victimized).


        Jim Dennis,
        Starshine Technical Services
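The following is an added illustration of the point made in this thread, not code from Jim Dennis or from the ssh distribution. It is a constructed toy "password prompt" daemon, not sshd, served two ways: sequentially by one long-running process (the model in which a client parked at the prompt blocks everyone else) and with a handler per accepted connection, which is what inetd's nowait flag gives you. It also goes one step beyond the thread by adding a per-connection prompt timeout, a separate mitigation that bounds how long a silent client can hold a handler. All hosts, ports and the password are constructed test values.

```python
import socket
import threading


def handle_conn(conn, timeout=None):
    """Serve one connection: prompt for a password and block in recv()
    until the client answers, the optional timeout expires, or the
    client hangs up. This stands in for a daemon's login phase."""
    conn.settimeout(timeout)
    try:
        conn.sendall(b"Password: ")
        data = conn.recv(64)
        # Constructed password for the demo only.
        conn.sendall(b"OK\n" if data.strip() == b"secret" else b"DENIED\n")
    except socket.timeout:          # must precede OSError (it is a subclass)
        try:
            conn.sendall(b"TIMEOUT\n")
        except OSError:
            pass
    except OSError:
        pass                        # client went away mid-exchange
    finally:
        conn.close()


def serve(listener, stop, per_connection, timeout=None):
    """Accept loop.
    per_connection=False: one process handles clients one after another,
      so while a client sits at the prompt nobody else gets past accept().
    per_connection=True: like inetd 'nowait', each accepted connection is
      handed to its own handler at once."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        except OSError:
            break                   # listener closed underneath us
        if per_connection:
            threading.Thread(target=handle_conn, args=(conn, timeout),
                             daemon=True).start()
        else:
            handle_conn(conn, timeout)


def second_client_served(per_connection, timeout=None, patience=1.0):
    """Return True if a well-behaved client B gets an answer while a
    silent client A is parked at the password prompt."""
    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))     # constructed loopback listener
    listener.listen(8)
    addr = listener.getsockname()
    stop = threading.Event()
    server = threading.Thread(target=serve,
                              args=(listener, stop, per_connection, timeout),
                              daemon=True)
    server.start()

    a = socket.create_connection(addr)  # A connects and never answers
    b = socket.create_connection(addr)  # B wants to log in normally
    b.settimeout(patience)
    served = False
    try:
        b.sendall(b"secret\n")
        reply = b""
        while b"\n" not in reply:
            chunk = b.recv(64)
            if not chunk:
                break
            reply += chunk
        served = reply.endswith(b"OK\n")
    except socket.timeout:
        served = False              # B waited `patience` seconds for nothing
    finally:
        b.close()
        a.close()                   # releases the sequential server's handler
        stop.set()
        server.join(timeout=3)
        listener.close()
    return served


if __name__ == "__main__":
    print("per-connection handler:", second_client_served(True))
    print("sequential, no timeout:", second_client_served(False))
    print("sequential, 0.3s prompt timeout:", second_client_served(False, timeout=0.3))
```

With a handler per connection, B is answered while A still holds its prompt open; in the sequential model B's connect() completes (the kernel queues it in the listen backlog) but B never gets a byte back, which is exactly the symptom described above. The prompt timeout shows the other half of a defence: even a sequential daemon recovers once the silent client is cut off. For the real service, the inetd.conf entry that gives the per-connection model looks like `ssh stream tcp nowait root /usr/local/sbin/sshd sshd -i`, where `-i` tells sshd it is being run from inetd and the path is an assumption about your installation.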


