Date:      Thu, 24 Jun 1999 17:40:34 -0700 (PDT)
From:      Tom <tom@uniserve.com>
To:        Chris Costello <chris@calldei.com>
Cc:        # rm -rf /* <geniusj@shell.phrozen.org>, Seth <seth@freebie.dp.ny.frb.org>, stable@FreeBSD.ORG
Subject:   Re: DoS??
Message-ID:  <Pine.BSF.4.02A.9906241738080.1214-100000@shell.uniserve.ca>
In-Reply-To: <19990624190910.C42754@holly.dyndns.org>

On Thu, 24 Jun 1999, Chris Costello wrote:

> On Thu, Jun 24, 1999, # rm -rf /* wrote:
> > All I can really say is that in the netstat -a.. it was like a syn flood
> > except all the connections were established on the ssh port.. we have
> > figured out that it just overloads the cpu, bringing the load averages to
> > over 500 until it ends.. since ssh has to generate a key, etc.. it takes
> > very little to get the load like that..
> 
>    This is already known.  Thousands or tens of thousands of ssh
> processes are opened up, seriously overloading the CPU.
> 
>    It should be deemed classic, and I think there's a way to
> limit the maximum amount of connections on that port in
> inetd.conf.

  Using sshd from inetd is just a bad idea.  sshd as a daemon is much
better, because the key is generated every hour.  I believe sshd as a
daemon has a max connections setting that you should definitely use.

  If you must use anything from inetd, use xinetd.  xinetd can limit
connections per service.

> -- 
> Chris Costello                                <chris@calldei.com>
> Justify my text?  I'm sorry but it has no excuse.
> 


Tom
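The two settings Tom points at, shown side by side as an added illustration (not part of the thread): the per-listener limit in a daemon-mode sshd_config, and xinetd's per-service limits for the inetd case. The option names are real OpenSSH and xinetd directives; the numeric values, the sshd path and the service name are assumptions to tune for the host.

```text
# --- /etc/ssh/sshd_config (daemon mode) ---
# Weak: no limit, every half-open connection gets its own sshd child
# doing key exchange, which is exactly the CPU overload described.
#MaxStartups 0

# Corrected: once 10 unauthenticated connections are pending, start
# refusing 30% of new ones, and refuse all of them at 100 (assumed values).
MaxStartups 10:30:100
# Drop a connection that has not authenticated within 30 seconds.
LoginGraceTime 30

# --- /etc/xinetd.d/ssh (only if sshd must run from a superserver) ---
service ssh
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/sshd   # assumed path
    server_args = -i               # inetd mode
    instances   = 30               # at most 30 sshd children at once
    per_source  = 5                # at most 5 from any single source address
    cps         = 10 30            # over 10 connections/s: pause service 30 s
}
```

Check the effect with `netstat -an | grep :22` under load: established connections should stop growing at the configured ceiling instead of climbing into the thousands.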