02-06-2006 02:24 AM
ssh attack, allows partial DOS
This is mostly a warning. The default ssh connection limit of 10,000 easily allows ssh robots to overrun maxprocesscnt. When this has happened on my system it has forced a shutdown of the batch queue and I don't know what else. This causes a partial denial-of-service. I think during install of ssh, it should put a realistic limit based on current maxprocesscnt or have some quicker means of intrusion blocking of ip ranges.
- Tags:
- ssh
02-06-2006 02:32 AM
Re: ssh attack, allows partial DOS
Thx for the warning. Changed it on my system.
Wim
02-06-2006 02:36 AM
Re: ssh attack, allows partial DOS
Purely Personal Opinion
02-06-2006 03:08 AM
Re: ssh attack, allows partial DOS
I had the same problem too.
During the night I sometimes observe 200 - 500 attempts to log in to my system via ssh. The problem is then that my system does not have enough process slots. If a batch job is starting at exactly the time when I do not have a free balanceset slot, the batch job can't start.
I solved the problem by adding some code to the ssh's login.com. If there are more than 5 connects from the same source address within 1 minute, I just kill them with stop/id. Further, I introduced private and public keys. This way I can be sure that I will not have uninvited guests.....
Regards
Heinz
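The rule described in the post above (more than 5 connects from the same source address within 1 minute) can be modelled as a per-source sliding window. This is an added example, not part of the original thread and not the poster's login.com code; the log format, function names and addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (assumed format: "<timestamp> <source address>"), one line
# per accepted SSH connection. Addresses are documentation ranges.
SAMPLE = """\
2006-02-06 02:00:01 192.0.2.10
2006-02-06 02:00:05 192.0.2.10
2006-02-06 02:00:09 192.0.2.10
2006-02-06 02:00:13 192.0.2.10
2006-02-06 02:00:17 192.0.2.10
2006-02-06 02:00:21 192.0.2.10
2006-02-06 02:01:00 203.0.113.5
2006-02-06 02:01:10 203.0.113.5
2006-02-06 02:01:20 203.0.113.5
2006-02-06 02:01:30 203.0.113.5
2006-02-06 02:01:40 203.0.113.5
2006-02-06 02:02:05 203.0.113.5
2006-02-06 02:00:00 198.51.100.7
2006-02-06 02:03:00 198.51.100.7
2006-02-06 02:06:00 198.51.100.7
"""

def parse(text):
    """Turn the constructed log lines into time-ordered (timestamp, source) pairs."""
    events = []
    for line in text.splitlines():
        stamp, source = line.rsplit(" ", 1)
        events.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), source))
    return sorted(events)

def sources_over_limit(events, limit=5, window=timedelta(minutes=1)):
    """Map each source that made more than `limit` connects inside `window`
    to the time of the connect that first crossed the limit."""
    recent = defaultdict(deque)
    flagged = {}
    for stamp, source in events:
        seen = recent[source]
        seen.append(stamp)
        # Forget connects that have aged out of the window for this source.
        while stamp - seen[0] >= window:
            seen.popleft()
        if len(seen) > limit:
            flagged.setdefault(source, stamp)
    return flagged

if __name__ == "__main__":
    for source, stamp in sources_over_limit(parse(SAMPLE)).items():
        print(f"{source} exceeded 5 connects/minute at {stamp}")
```

Only 192.0.2.10 is flagged: 203.0.113.5 makes six connects, but its first has aged out of the window by the time the sixth arrives, so it never has more than five inside one minute.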
02-06-2006 03:35 AM
Re: ssh attack, allows partial DOS
Same could be said for telnet, which causes a process creation.
But the service limit for TELNET seems to be more 'reasonable'.
Make sure you reduce the SSH service limit way beyond your MAXPROCESSCNT system parameter.
Batch queues will stop, if process creation fails with %JBC-F-NOSLOT due to exceeding MAXPROCESSCNT.
Volker.
02-06-2006 03:42 AM
Re: ssh attack, allows partial DOS
1) Try copying a file of 15 MB between 2 SSH nodes.
rcp : 25 sec, 2% cpu
scp : 100 sec, +- 20% cpu
2) Prio of the encrypting process : 8
3) Prio of the remote process when doing SSH as rsh : 2 (interactive : 4).
Over here they are considering copying db's between nodes with it. Will need some extra cpu's ... good business for HP (and the others).
Wim
02-07-2006 01:10 AM
Re: ssh attack, allows partial DOS
Thanks!
02-07-2006 01:13 AM
Re: ssh attack, allows partial DOS
field limit is max
$ ucx set servi ssh/lim=10
to modify it but
$ ucx disa servi ssh
$ ucx ena servi ssh
to activate it
Wim
02-07-2006 02:21 AM
Re: ssh attack, allows partial DOS
Thanks for the heads up on this issue.
I agree with you about putting a realistic limit on the number of sessions. Certainly a base value of 10% or even 20% of maxprocesscnt would be the maximum that this number should be set to by default. I can imagine that someone might have a server where ALL of the remote activity is conducted through SSH -- on such a system you might want the limit to be 50% or higher, but give the system manager the responsibility to raise it.
Robert
04-20-2006 06:49 AM