Radware Linkproof: SSH port DoS
From: Martin Mačok (martin.macok_at_underground.cz)
Date: 06/27/03
Date: Fri, 27 Jun 2003 09:03:53 +0200
To: vuln-dev@securityfocus.com
While doing an external pen-test I have found that Radware Linkproof
boxes with port 22 open ("SSH-2.0-1.0 Radware SSH") do not allow
2 simultaneous connections to that port.
If I open one connection ("ssh whatever@<ip>") and let the daemon wait
for the password (10 minutes no problem) then I cannot make another
connection to port 22 on this box even from different source IP
("Connection closed by server: Server reached maximum number of
simultaneous connections") until I explicitly close the first
connection -- which means that I can easily DoS that service.
Can somebody with better knowledge of these devices tell me if this is
the default behaviour or some clueless configuration (except the
obvious one that this service is wide open to the Internet)?
Radware contacted 19.6. 2003. No response yet.
--
Martin Mačok http://underground.cz/
martin.macok@underground.cz http://Xtrmntr.org/ORBman/