[nsp-sec] coordinated slow ssh crack attempts
Florian Weimer
fweimer at bfk.de
Fri Sep 12 05:13:59 EDT 2008
Has anybody seen SSH server hangs preventing further logins
(LoginGraceTime not being enforced) as a result of this scanning
activity?
Looking at the OpenSSH sources, there's definitely a bug in the
implementation of the login timeout where
non-async-signal-handler-safe functions are called from a signal
handler. (I've filed a Debian bug about this, but haven't received an
acknowledgement with the bug number yet, sorry.)
Possible symptoms include lots of zombie sshd processes, or sshd
processes hanging in the [net] state.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list