An Analysis of the DHEat DoS Against SSH in Cloud Environments

Chris Rapier rapier at psc.edu
Tue Jun 25 05:04:26 AEST 2024



On 6/19/24 4:11 PM, Joseph S. Testa II wrote:
> On Wed, 2024-06-19 at 09:19 -0400, chris wrote:
>> real world example (current snapshot of portable on linux v. dheater)
> 
> Thanks for this.  However, much more extensive testing would be needed
> to show it is a complete solution.  In my original research article, I
> used CPU idle time as the main metric.  Also, I showed that very low-
> latency network links could bypass the existing countermeasures.
> 
> I suppose in the next few days, I'll try reproducing my original steps
> with the new version and see what happens.

You may want to try this on IPv6 where you are frequently changing the 
attacker's MAC address. If the IP is constructed with EUI-64 then it 
could start to flood the table used to store the penalized IPs. I'd 
really like to see what that looks like, especially in terms of 
CPU/memory utilization.
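
The table-growth concern raised above, as an added example that is not part of the original message: it derives modified EUI-64 addresses (RFC 4291) for a set of MAC addresses inside one /64 and counts how many entries a per-source table would hold when keyed per address versus per /64. The prefix, the MAC values and the function names are constructed for illustration, and the table is a simplified model, not OpenSSH's implementation.

```python
import ipaddress


def eui64_address(prefix, mac):
    """Return the modified EUI-64 address (RFC 4291, Appendix A) for mac in a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]


def table_key(addr, mask_bits):
    """Key a source is tracked under: its address truncated to mask_bits."""
    return ipaddress.IPv6Network((int(addr), mask_bits), strict=False)


def distinct_entries(addrs, mask_bits):
    """Number of table entries needed to track addrs at the given granularity."""
    return len({table_key(a, mask_bits) for a in addrs})


# Constructed sample: one documentation /64 and 1000 locally administered MACs.
PREFIX = "2001:db8:0:1::/64"
MACS = [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(1000)]
ADDRS = [eui64_address(PREFIX, m) for m in MACS]

if __name__ == "__main__":
    for bits in (128, 64):
        print(f"/{bits} keys: {distinct_entries(ADDRS, bits)} entries")
```

Keyed per /128, every MAC change costs the table a new entry; keyed per /64, the same hosts collapse into one, at the price of treating the whole subnet as a single source.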

