[Bug 948] high CPU in sshd after tcp_wrappers deny

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Nov 1 06:59:19 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=948

           Summary: high CPU in sshd after tcp_wrappers deny
           Product: Portable OpenSSH
           Version: 3.9p1
          Platform: Sparc
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: atlunde at panix.com
                CC: atlunde at panix.com


We are using OpenSSH sshd built with the tcp_wrappers library, and rules set to
deny access not coming from our local domain.

Recently we have seen cases where an sshd process was left running and consuming
a large amount of CPU. Looking at the logs and the time the process was started,
it appears that the trigger was a denied ssh connection blocked by tcp_wrappers. 

(I suspect this was the password guessing attack that's been going around
recently, because we've gotten few blocked ssh connections in the past, but I
can't say for sure.)

This was on Solaris 8, openssh-3.9p1, OpenSSL 0.9.7d, tcp_wrappers 7.6

uname -a
SunOS XXXXXX 5.8 Generic_108528-18 sun4u sparc SUNW,Sun-Fire-280R



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list