Date: Tue, 4 Dec 2001 10:56:09 -0800 From: "Riley J. McIntire" <rileyjmc@pacbell.net> To: "Stephen Hovey" <shovey@buffnet.net>, "Riley J. McIntire" <rileyjmc@pacbell.net> Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG> Subject: RE: icmp dos attack? sshd core dump Message-ID: <NCBBLBILEPCHLFJAPIIPMEBAKFAA.rileyjmc@pacbell.net> In-Reply-To: <Pine.BSF.4.05.10112041245260.25439-100000@buffnet11.buffnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Stephen Hovey > Sent: Tuesday, December 04, 2001 9:46 AM > Subject: Re: icmp dos attack? sshd core dump > > An advisory just came out on a hole in ssh (I wont touch that > with a 10 > foot pole!) > Steve, The "OpenSSH UseLogin directive permits privilege escalation advisory", if that's what you're referring to, doesn't seem to apply. It's a hole for an otherwise authorized user (hmmm) and only with "UseLogin" enabled, which it isn't. Thanks, Riley > On Tue, 4 Dec 2001, Riley J. McIntire wrote: > > > Greetings: > > > > This just showed up in a security check output log: > > > > > icmp-response bandwidth limit 240/200 pps > > > icmp-response bandwidth limit 213/200 pps > > snip pages of this > > then > > > pid 49374 (sshd), uid 0: exited on signal 11 (core dumped) > > > pid 49375 (sshd), uid 0: exited on signal 11 (core dumped) > > snip > > > pid 49391 (sshd), uid 0: exited on signal 11 (core dumped) > > > pid 49394 (sshd), uid 0: exited on signal 11 (core dumped) > > > pid 49396 (sshd), uid 0: exited on signal 10 (core dumped) > > > pid 49397 (sshd), uid 0: exited on signal 10 (core dumped) > > snip > > > pid 49465 (sshd), uid 0: exited on signal 10 (core dumped) > > > pid 49466 (sshd), uid 0: exited on signal 10 (core dumped) > > > > Note the change from a sig 11 to 10. > > > > > > A DOS attack? The machine is up, I can connect via ssh, > and I'm a bit > > at a loss of what, if anything, to do about this? > > > > Thanks, > > > > Riley > > > > > > "They that can give up essential liberty to obtain a little > temporary > > safety deserve neither liberty nor safety." > > Benjamin Franklin > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NCBBLBILEPCHLFJAPIIPMEBAKFAA.rileyjmc>