SSH DOS?

Matthew Carpenter Thu, 14 Aug 2003 17:31:08 -0700

I am monitoring SSH from an OpenNMS box and two of my systems, both SuSE8.2pro boxen, 
are registering outages on SSH.  Normally I'd blame either the network or the NMS 
system (little puny box can hardly keep up) but sure enough, they were indeed DOS'd.  
The TCP connection was established and then it drops.  There appear to be quite a few 
sshd sessions open and not closed, which I am wondering about.  I know that the SSH 
poller doesn't establish a full SSH session but it shouldn't be able to cause a DOS...


[EMAIL PROTECTED]:~> ps ax |grep ssh
 1956 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 2693 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 3224 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 3612 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 3700 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 3849 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 3962 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 4020 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 4024 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 4987 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6476 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6504 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6537 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6539 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6568 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6593 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6636 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6644 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6652 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6716 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
 6722 ?        S      0:00 /usr/sbin/sshd -o PidFile /var/run/sshd.init.pid
11675 pts/2    S      0:00 ssh [EMAIL PROTECTED]
13614 pts/1    S      0:00 grep ssh
[EMAIL PROTECTED]:~>

Any thoughts?
openssh-3.5p1-68



-- 
Matthew Carpenter
[EMAIL PROTECTED]                          http://www.eisgr.com/

Enterprise Information Systems
*Network Consulting, Integration & Support
*Web Development and E-Business
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users

SSH DOS?

Reply via email to