[3815] in bugtraq
Re: Possible Denial of Service: SSH
daemon@ATHENA.MIT.EDU (Sven Gestegard)
Wed Dec 18 18:47:22 1996
Date: Wed, 18 Dec 1996 23:01:59 +0100
Reply-To: sven@df.lth.se
From: Sven Gestegard <sven@susie.sparta.lu.se>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.GSO.3.95.961218112419.10566A-100000@madli.ut.ee>
On Wed, 18 Dec 1996, Toomas Soome wrote:
> On Tue, 17 Dec 1996, Sean B. Hamor wrote:
>
[ snip, snip ]
>
> there is mutch simpler way to block sshd - just force sshd to ask pas=
sword
> in login time, now create connection and let ssh to wait for password=
....
> no one can login with ssh (with or without password) during this wait
> time.... tested with 1.2.17
Can anyone confirm this?
I wasn't able to reproduce this on either 1.2.14 or 1.2.17.
I ssh'ed to a host and left that session at the password prompt, and
after that I was still able to ssh into that box, both from localhost a=
nd
from a remote host. A quick ps reveals that a new sshd gets spawned for
every connection. Have I missed something?
/
/ Sven
--
| Sven Gesteg=E5rd | sven@df.lth.se =
|
| Studying Computer Science & Technology | d95sge@efd.lth.se =
|
| at Lund Institute of Technology, Sweden | http://www.efd.lth.se/~d95s=
ge |
| Finger for public PGP key and geek code | Phone: +46-(0)46-39 51 32 =
|
