[12108] in bugtraq


Re: [Fwd: Truth about ssh 1.2.27 vulnerability]

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Sun Oct 3 23:58:52 1999

Message-Id:  <199910012038.d91Kcw324754@black-ice.cc.vt.edu>
Date:         Fri, 1 Oct 1999 16:38:57 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To:         Eric Griffis <egriffis@COMMONTECH.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Thu, 30 Sep 1999 12:04:14 PDT." 
              <003501bf0b76$9684df40$0701a8c0@grayface.commontech.com>

On Thu, 30 Sep 1999 12:04:14 PDT, Eric Griffis <egriffis@COMMONTECH.COM>  said:
> Also, I think the amount of processor time it takes to create a symbolic
> link is multiple times larger than the amount of time between the return of
> lstat and actual socket creation, which would require the sshd process to
> hang temporarily or be seriously slowed down. Is that feasible?
>
> How would these things be done, or is there something I missed? I'm very
> familiar with C and the unix environment, but the security-related aspects

cat >> slowmedown.c
int main() { for(;;); }   /* spin forever, consuming CPU */
^D
cc -o slowmedown slowmedown.c
for i in 1 2 3 4 5 6 7 8 9; do ./slowmedown & done

Or apply your favorite fork bomb.  It's easy to slow things down as much as
needed - you get that load average up to 60 or 80 and the window you're trying
to hit will get REAL wide.  If you're REALLY smart, you'll have all the
'slowmedown' processes trying to hit the window while they bog things down.


--
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
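
Since the window between lstat and socket creation can be stretched by system load, a fix cannot rely on that window being short. The following is an added example, not part of the original post and not code from ssh, showing socket creation with no check-then-create step; the function name `private_listen_socket` and the `/tmp/agent-XXXXXX` template are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1       /* mkdtemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: create a listening Unix socket without a
 * check-then-create window. mkdtemp() atomically creates a fresh 0700
 * directory owned by the caller, so no other unprivileged user can place
 * a symlink at the socket path, however long this process is stalled by
 * load. Returns the fd and writes the socket path to `path`, or -1. */
int private_listen_socket(char *path, size_t pathlen)
{
    char dir[] = "/tmp/agent-XXXXXX";          /* constructed template */
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    int fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    if ((size_t)snprintf(path, pathlen, "%s/sock", dir) >= pathlen ||
        strlen(path) >= sizeof(sa.sun_path))
        goto fail_dir;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        goto fail_dir;
    /* bind() creates the node inside the private directory. */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        goto fail_fd;
    /* Verify after creation, not before: it must be our own socket. */
    if (lstat(path, &st) < 0 || !S_ISSOCK(st.st_mode) ||
        st.st_uid != geteuid() || listen(fd, 5) < 0)
        goto fail_unlink;
    return fd;

fail_unlink:
    unlink(path);
fail_fd:
    close(fd);
fail_dir:
    rmdir(dir);
    return -1;
}
```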

