Date:      Thu, 24 Jun 1999 18:42:18 -0600 (MDT)
From:      # rm -rf /* <geniusj@shell.phrozen.org>
To:        Tom <tom@uniserve.com>
Cc:        Chris Costello <chris@calldei.com>, Seth <seth@freebie.dp.ny.frb.org>, stable@FreeBSD.ORG
Subject:   Re: DoS??
Message-ID:  <Pine.LNX.4.10.9906241842080.3315-100000@shell.phrozen.org>
In-Reply-To: <Pine.BSF.4.02A.9906241738080.1214-100000@shell.uniserve.ca>

Actually, I couldn't find an option for maxusers in ssh anywhere..


On Thu, 24 Jun 1999, Tom wrote:

> On Thu, 24 Jun 1999, Chris Costello wrote:
> 
> > On Thu, Jun 24, 1999, # rm -rf /* wrote:
> > > All I can really say is that in the netstat -a.. it was like a syn flood
> > > except all the connections were established on the ssh port.. we have
> > > figured out that it just overloads the cpu, bringing the load averages to
> > > over 500 until it ends.. since ssh has to generate a key, etc.. it takes
> > > very little to get the load like that..
> > 
> >    This is already known.  Thousands or tens of thousands of ssh
> > processes are opened up, seriously overloading the CPU.
> > 
> >    It should be deemed classic, and I think there's a way to
> > limit the maximum amount of connections on that port in
> > inetd.conf.
> 
>   Using sshd from inetd is just a bad idea.  sshd as a daemon is much
> better, because the key is generated every hour.  I believe sshd as a
> daemon has a max connections setting that you should definitely use.
> 
>   If you must use anything from inetd, use xinetd.  xinetd can limit
> connections per service.
> 
> > -- 
> > Chris Costello                                <chris@calldei.com>
> > Justify my text?  I'm sorry but it has no excuse.
> > 
> 
> 
> Tom
> 


