|
During some testing I found a possible bug/issue with
OpenSSH ssh client. MachineA # cat < /dev/zero | nc –l –p 3000 MachineB# ssh [EMAIL PROTECTED] –p 3000 I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1
and Solaris 9. This consumes 50-100% of available CPU time on
MachineB ( depending on the bandwith between them ). This could be used in a denial of service attack –
or could be used to stop ( or at least annoy ) ssh bruteforcers J But of course it would also consume my upstream
bandwith……. Espen |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
