Sorry for old news - but there is still no patch against this DoS on an
official ssh site.

> From: Jose Nazario <joseat_private>
>
> yeah, i noted this to the ssh development team in march, 1999. this was
> under version 1.2.26, and then 1.2.27 came out and there was no fix for
> it. i didn't BUGTRAQ it as i find such info without a real fix to be
> irresponsible. my coding sucks and i haven't been able to get my
> MaxClients parameter to work in sshd. this would then be analogous to that
> found in the apache web server. my incomplete code diffs are available to
> anyone who wants to make it work, i get errors when it forks the child
> process to handle the socket.

Unofficial quick patch is on http://sonet.crimea.ua/sshd_patch/

Limits max connections from the same IP and max number of children
(I didn't play with accept()/SYN/spoofing things - so last parameter
may be more relevant).
Parameters are hardcoded ("keep it simple, stupid" in mind).

--
Stas Kisel. UNIX, security, C, TCP/IP, Web. UNIX - the best adventure game
http://www.tekmetrics.com/transcript.shtml?pid=20053 http://www.crimea.edu
+380(652)510222,230238 ; stasat_private stasat_private ; 2:460/54.4
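Added example, not part of the original post and not the code of the linked patch: a sketch of the two hardcoded limits the message describes (a cap on total children and a cap on connections per source IP) as bookkeeping for a forking daemon's parent process. The names conn_admit, conn_record, conn_release and the limit values are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Hardcoded limits (illustrative values, not taken from the patch). */
#define MAX_CHILDREN 8   /* total concurrent child processes */
#define MAX_PER_IP   2   /* concurrent connections from one source address */

/* One slot per live child; pid 0 marks a free slot. */
struct slot { pid_t pid; uint32_t ip; };
static struct slot slots[MAX_CHILDREN];

/* Parent calls this after accept() and before fork().
 * Returns a slot index to fill once fork() succeeds, or -1 to refuse. */
int conn_admit(uint32_t ip)
{
    int free_idx = -1, same_ip = 0;
    for (int i = 0; i < MAX_CHILDREN; i++) {
        if (slots[i].pid == 0) {
            if (free_idx < 0) free_idx = i;
        } else if (slots[i].ip == ip) {
            same_ip++;
        }
    }
    if (free_idx < 0 || same_ip >= MAX_PER_IP)
        return -1;               /* caller closes the socket without forking */
    return free_idx;
}

/* Record the forked child so later admissions count it. */
void conn_record(int idx, pid_t pid, uint32_t ip)
{
    slots[idx].pid = pid;
    slots[idx].ip = ip;
}

/* Parent calls this for each pid returned by waitpid(). Returns 1 if tracked. */
int conn_release(pid_t pid)
{
    for (int i = 0; i < MAX_CHILDREN; i++) {
        if (slots[i].pid == pid) {
            memset(&slots[i], 0, sizeof slots[i]);
            return 1;
        }
    }
    return 0;
}
```

Call conn_release from the main loop after waitpid() rather than from inside a signal handler, so the table is never modified while conn_admit is scanning it.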
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:04:56 PDT