sshd killed due to dos attack

ravindra Chavalam ravindra1103 at gmail.com
Thu Jan 28 20:30:11 EST 2010


Hi Ben,

 Thanks a lot for the response. I gave MaxStartups 10:30:60 (these are
defaults, I suppose, for our requirements). Still facing the same issue. Is
sshd getting killed the expected behaviour? In that case, how can I work
around it so that instead of killing sshd I just drop extra connections? Also,
an interesting fact is that drop_connections is not getting called?

Thanks & Regards,
Ravindranath

On Wed, Jan 27, 2010 at 8:10 PM, Ben Lindstrom <mouring at eviladmin.org> wrote:

>
> You really need to explain what you are doing as a DOS attack. If all you
> are doing is filling up the max unauthenticated connections, this is a known
> feature and you really should read the sshd_config manpage on the
> "MaxStartups" feature.
>
> - Ben
>
>
> On Jan 27, 2010, at 12:51 AM, ravindra Chavalam wrote:
>
> > Hi,
> >
> > I am not sure whether to report this as a bug, so I am mailing the list.
> >
> >
> > I have an sshd (openssh3.5p1) server running on my router, and when I run
> > tcpjunk against that port, sshd gets killed after some time.
> >
> > 192.168.71.1 is my sshd server and 192.168.71.4 is my client, from where I
> > send my DoS attack.
> >
> > This is the tcpjunk command I gave to the ssh server:
> >
> > #tcpjunk -s 192.168.71.1 -p 22 -c req -i 100
> > The req session file contains the string <fuzz any 101>
> >
> > Attached below is the netstat output. There are a lot of lines like these,
> > but I just pasted two lines for reference.
> >
> > #netstat -an|grep ":22"
> > tcp 0 0 192.168.71.1:22 192.168.71.4:37757 TIME_WAIT
> > tcp 0 0 192.168.71.1:22 192.168.71.4:55207 TIME_WAIT
> > ...
> >
> >
> > Can anyone tell me where in the openssh code I have to search to find
> > out the root cause for this issue?
> >
> >
> > Thanks a lot in advance
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
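
For reference on the MaxStartups 10:30:60 setting discussed in this thread, here is an added example (not part of either message, and not OpenSSH's own source) that models the random early drop described in sshd_config(5): new connections are refused with probability rate% once start unauthenticated connections exist, rising linearly to 100% at full. The struct and function names are hypothetical, and only the three-field start:rate:full form is handled.

```c
#include <stdio.h>

/* Hypothetical holder for the three MaxStartups fields (start:rate:full). */
struct max_startups { int start, rate, full; };

/* Parse "start:rate:full". Returns 0 on success, -1 if the string is
 * malformed, has trailing characters, or the values are inconsistent. */
int parse_max_startups(const char *s, struct max_startups *m)
{
    char extra;

    if (sscanf(s, "%d:%d:%d%c", &m->start, &m->rate, &m->full, &extra) != 3)
        return -1;
    if (m->start < 1 || m->full < m->start || m->rate < 1 || m->rate > 100)
        return -1;
    return 0;
}

/* Percent chance (0..100) that a new connection is refused while `unauth`
 * unauthenticated connections are already open. */
int drop_percent(const struct max_startups *m, int unauth)
{
    if (unauth < m->start)
        return 0;                       /* below the threshold: always accept */
    if (unauth >= m->full || m->rate == 100)
        return 100;                     /* at or past "full": always refuse */
    /* Linear ramp from `rate` at `start` up to 100 at `full`. */
    return m->rate +
        (100 - m->rate) * (unauth - m->start) / (m->full - m->start);
}

int main(void)
{
    struct max_startups m;

    if (parse_max_startups("10:30:60", &m) != 0)
        return 1;
    for (int n = 0; n <= 60; n += 10)
        printf("%2d unauthenticated -> %3d%% refused\n", n, drop_percent(&m, n));
    return 0;
}
```

With this setting a flood that holds 10 or more unauthenticated connections open causes some legitimate logins to be refused as well, which is the intended load-shedding behaviour rather than a daemon crash.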

