From owner-freebsd-security  Fri Jan 26 12:31: 3 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.zuhause.org (zuhause.org [205.215.217.178])
	by hub.freebsd.org (Postfix) with ESMTP id EF8CE37B401
	for <freebsd-security@FreeBSD.ORG>; Fri, 26 Jan 2001 12:30:46 -0800 (PST)
Received: by mail.zuhause.org (Postfix, from userid 1001)
	id 32A707C83; Fri, 26 Jan 2001 14:30:45 -0600 (CST)
From: Bruce Albrecht <bruce@zuhause.mn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14961.56948.936058.387747@localhost.zuhause.org>
Date: Fri, 26 Jan 2001 14:30:44 -0600 (CST)
To: freebsd-security@FreeBSD.ORG
Subject: Re: wierd ssh failure 
In-Reply-To: <200101261752.f0QHqDs33135@earth.backplane.com>
References: <14961.46979.314273.536660@localhost.zuhause.org>
	<200101261752.f0QHqDs33135@earth.backplane.com>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matt Dillon writes:
 > :I was trying to log onto my FreeBSD box today from work via ssh after
 > :an ssh session apparently terminated, and for about 5 minutes I was
 > :getting an error something like "User does not exist! Go away!".
 > :Since this is not normal behaviour for ssh, does anyone have any idea
 > :what might have happened?  Could someone be doing a man-in-the-middle
 > :attack on me?  
 > :
 > 
 >     ssh has a really ridiculously low default connections/second limit,
 >     you might have hit that (or maybe not, I don't get 'user does not exist'
 >     errors when I overrun it).  Look in your /etc/ssh/sshd_config.
 > 
 >     The limit has been depreciated (removed) in -current and -stable, but
 >     was present in 4.2-REL.  Here's what I get:
 > 

I forgot to mention that I'm running 4.2-stable (circa last week).
When I ran strings on sshd, I couldn't find the message that I got
from ssh, which is why I'm wondering if this was a temporary routing
error, or an attempt to do a man-in-the-middle attack.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message