From owner-freebsd-questions  Tue Dec  4  9:46:11 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13])
	by hub.freebsd.org (Postfix) with ESMTP id F0C6237B420
	for <freebsd-questions@FreeBSD.ORG>; Tue,  4 Dec 2001 09:45:50 -0800 (PST)
Received: from buffnet11.buffnet.net (buffnet11.buffnet.net [205.246.19.55])
	by buffnet4.buffnet.net (8.9.3/8.8.7) with ESMTP id NAA54247;
	Tue, 4 Dec 2001 13:02:36 -0500 (EST)
	(envelope-from shovey@buffnet.net)
Date: Tue, 4 Dec 2001 12:45:42 -0500 (EST)
From: Stephen Hovey <shovey@buffnet.net>
To: "Riley J. McIntire" <rileyjmc@pacbell.net>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: icmp dos attack?   sshd core dump
In-Reply-To: <NCBBLBILEPCHLFJAPIIPIEAGKFAA.rileyjmc@pacbell.net>
Message-ID: <Pine.BSF.4.05.10112041245260.25439-100000@buffnet11.buffnet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

An advisory just came out on a hole in ssh (I wont touch that with a 10
foot pole!)

On Tue, 4 Dec 2001, Riley J. McIntire wrote:

> Greetings:
> 
> This just showed up in a security check output log:
> 
> > icmp-response bandwidth limit 240/200 pps
> > icmp-response bandwidth limit 213/200 pps
> snip pages of this
> then
> > pid 49374 (sshd), uid 0: exited on signal 11 (core dumped)
> > pid 49375 (sshd), uid 0: exited on signal 11 (core dumped)
> snip
> > pid 49391 (sshd), uid 0: exited on signal 11 (core dumped)
> > pid 49394 (sshd), uid 0: exited on signal 11 (core dumped)
> > pid 49396 (sshd), uid 0: exited on signal 10 (core dumped)
> > pid 49397 (sshd), uid 0: exited on signal 10 (core dumped)
> snip
> > pid 49465 (sshd), uid 0: exited on signal 10 (core dumped)
> > pid 49466 (sshd), uid 0: exited on signal 10 (core dumped)
> 
> Note the change from a sig 11 to 10.
> 
> 
> A DOS attack?  The machine is up, I can connect via ssh, and I'm a bit
> at a loss of what, if anything, to do about this?
> 
> Thanks,
> 
> Riley
> 
> 
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> Benjamin Franklin
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message