Re: Dropbear SSH server Denial of Service

To: Matt Johnston <matt@xxxxxxxxxx>
Subject: Re: Dropbear SSH server Denial of Service
From: Damien Miller <djm@xxxxxxxxxxx>
Date: Sat, 11 Mar 2006 13:51:47 +1100 (EST)
Cc: Pablo Fernandez <pablo@xxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20060310072030.GH24032@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1141760877.12514.2.camel@xxxxxxxxxxxxxxxxxxxxx> <20060310072030.GH24032@xxxxxxxxxxxxxxxxx>

On Fri, 10 Mar 2006, Matt Johnston wrote:

> Dropbear 0.48 mitigates this issue by having a per-IP limit
> as well as a global limit - this will at least prevent an
> IP-deprived attacker from denying service.
> 
> It's worth noting that various other network services (such
> as netkit-inetd and OpenSSH) have the same design issues, at
> least in default configurations.

OpenSSH has had connection-flood DoS mitigation since 2000, in the 
form of random early drop of connections so legitimate users have a
probabalistic change of getting in. See the "MaxStartups" documentation
in sshd_config(5)

-d

References:
- Dropbear SSH server Denial of Service
  - From: Pablo Fernandez
- Re: Dropbear SSH server Denial of Service
  - From: Matt Johnston

Prev by Date: [ GLSA 200603-07 ] flex: Potential insecure code generation
Next by Date: Coppermine exploit used by a Chase Phish?
Previous by thread: Re: Dropbear SSH server Denial of Service
Next by thread: Re: Dropbear SSH server Denial of Service
Index(es):
- Date
- Thread