[Bug 948] high CPU in sshd after tcp_wrappers deny
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Nov 1 06:59:19 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=948
Summary: high CPU in sshd after tcp_wrappers deny
Product: Portable OpenSSH
Version: 3.9p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: atlunde at panix.com
CC: atlunde at panix.com
We are using OpenSSH sshd built with the tcp_wrappers library, and rules set to
deny access not coming from our local domain.
Recently we have seen cases where an sshd process was left running and consuming
a large amount of CPU. Looking at the logs and the time the process was started,
it appears that the trigger was a denied ssh connection blocked by tcp_wrappers.
(I suspect this was the password guessing attack that's been going around
recently, because we've gotten few blocked ssh connections in the past, but I
can't say for sure.)
This was on Solaris 8, openssh-3.9p1, OpenSSL 0.9.7d, tcp_wrappers 7.6
uname -a
SunOS XXXXXX 5.8 Generic_108528-18 sun4u sparc SUNW,Sun-Fire-280R
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list