Vulnerability Development mailing list archives
Re: Possible OpenSSH DoS Attack
From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Mon, 10 Dec 2001 18:34:32 -0800
On Mon, Dec 10, 2001 at 11:19:18PM -0000, Pedro Inacio said:
> --[ OpenSSH DoS Attack proof of concept ]--
> by DrBrain <drbrain () phibernet org> / http://www.phibernet.org
>
> --[ Intro ]--
>
> After some tests with sshd, I have noticed that it is possible to generate a DoS attack that gives you the following message when you try to contact the service:
>
> ----------
> $ ssh user () somehost com
> ssh_exchange_identification: Connection closed by remote host
> ----------
[snip...]

Isn't this just TCP socket connection overloading? Fill up the max amount of sockets and then the OS (any OS as I understand it, all with different limits of course) won't allocate anymore? Not much to be done except probably a good set of ACLs...
> for(;;) {
>     servAddr.sin_family = h->h_addrtype;
>     memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0], h->h_length);
>     servAddr.sin_port = htons(atoi(argv[2]));
>     sd = socket(AF_INET, SOCK_STREAM, 0);
>     if(sd<0) {
>         perror("Cannot Open Socket ");
>         exit(1);
>     }
--
josha.bronson(aka->dmuz) >> dmuz () angrypacket com
networks/systems/security && CCNA, RHCE
josha.net || dmuz.angrypacket.com
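
The reply's point about a client filling every available socket, as an added example that is not part of the original thread: a per-source connection cap that an accept loop could apply so one address cannot occupy all slots. The limits, the function names and the two addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed limits for illustration; tune them to the service. */
#define MAX_TOTAL      8   /* global cap on concurrent connections */
#define MAX_PER_SOURCE 3   /* cap for any single source address */

struct slot { uint32_t addr; int count; };   /* count == 0 means free */
struct limiter { struct slot slots[MAX_TOTAL]; int total; };

void limiter_init(struct limiter *l) { memset(l, 0, sizeof *l); }

/* Return the slot tracking addr, or NULL if it has no open connections. */
static struct slot *find(struct limiter *l, uint32_t addr) {
    for (int i = 0; i < MAX_TOTAL; i++)
        if (l->slots[i].count > 0 && l->slots[i].addr == addr)
            return &l->slots[i];
    return NULL;
}

/* Call after accept(): 1 = keep the connection, 0 = close it at once. */
int limiter_open(struct limiter *l, uint32_t addr) {
    struct slot *s = find(l, addr);
    if (l->total >= MAX_TOTAL) return 0;             /* every slot is in use */
    if (s && s->count >= MAX_PER_SOURCE) return 0;   /* source is at its cap */
    for (int i = 0; i < MAX_TOTAL && !s; i++)        /* new source: take a free slot */
        if (l->slots[i].count == 0) { s = &l->slots[i]; s->addr = addr; }
    s->count++;
    l->total++;
    return 1;
}

/* Call when a connection ends so the source gets its budget back. */
void limiter_close(struct limiter *l, uint32_t addr) {
    struct slot *s = find(l, addr);
    if (s) { s->count--; l->total--; }
}

int main(void) {
    struct limiter l;
    int kept = 0;
    limiter_init(&l);
    for (int i = 0; i < 100; i++)                    /* 198.51.100.7, constructed */
        kept += limiter_open(&l, 0xC6336407u);
    printf("one source kept %d of 100; second source admitted: %d\n",
           kept, limiter_open(&l, 0xC0000201u));     /* 192.0.2.1, constructed */
    return 0;
}
```

A cap like this only bounds what one address can hold; many sources together can still reach the global limit, which is where address-based ACLs come in.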