LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page sshd gets killed because of DOS attack
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 01-27-2010, 12:33 AM   #1
ravindra1103
LQ Newbie
 
Registered: Apr 2007
Posts: 7

Rep: Reputation: 0
sshd gets killed because of DOS attack

I have sshd(openssh3.5p1) server running on my router and when i run tcpjunk to that port, sshd gets killed after some time

192.168.71.1 is my sshd server and 192.168.71.4 is my client from where i send my dos attack

This is the tcpjunk command i gave to the ssh server

#tcpjunk -s 192.168.71.1 -p 22 -c req -i 100
req session file contains string <fuzz any 100>

below attached is the netstat output. They are lot of these like these but i just pasted two lines for reference

#netstat -an|grep ":22"
tcp 0 0 192.168.71.1:22 192.168.71.4:37757 TIME_WAIT
tcp 0 0 192.168.71.1:22 192.168.71.4:55207 TIME_WAIT
...
...

...

...


Can any one on tell me where in the openssh code i have to search to find out the root cause for this issue


Thanks a lot in advance
 
Old 01-27-2010, 02:53 AM   #2
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 774

Rep: Reputation: 243Reputation: 243Reputation: 243
Do you mean "gets killed" as in it segfaults or as in it simply stops taking connections? sshd has code to limit the number of connects built-in as a security measure. If it's segfaulting or hanging, then maybe build a debug version of the binary and run it under gnu debug (gdb) while doing your testing. When it stops, look at the code and line number for the source that gdb gives you (make sure to include debug symbols in the binary) and focus your search there.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DoS attack? port 22 templeton Linux - Security 1 11-11-2008 03:48 PM
is this a Dos Attack?? xtremeclones Linux - Security 8 09-27-2006 01:40 AM
Attack on sshd caused near-DOS The MCP Linux - Security 2 02-14-2006 09:06 PM
detecting a DOS attack ignus Linux - Security 4 07-29-2004 02:17 PM
Are we under DOS attack? sarmadys Linux - Security 2 02-06-2002 09:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 11:56 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration