SSH DOS?

Matthew Carpenter matt
Mon May 17 11:51:01 PDT 2004


On Thu, 14 Aug 2003 22:19:16 -0400
Kurt Wall <kwall at kurtwerks.com> wrote:

> Quoth Matthew Carpenter:
> > I am monitoring SSH from an OpenNMS box and two of my systems, both
> > SuSE8.2pro boxen, are registering outages on SSH.  Normally I'd blame
> > either the network or the NMS system (little puny box can hardly keep
> > up) but sure enough, they were indeed DOS'd.  The TCP connection was
> > established and then it drops.  There appear to be quite a few sshd
> > sessions open and not closed, which I am wondering about.  I know that
> > the SSH poller doesn't establish a full SSH session but it shouldn't be
> > able to cause a DOS...
> 
> Was it really DoSed or was it merely an attempt?

It was a DOS, but not an intentional one.  I believe it was the fault of my network management system.

> 
> > Any thoughts?
> > openssh-3.5p1-68
> 
> What was the source of the attack?

My NMS, I believe.  It wasn't a HUGE attack.  Just one which took SSHD offline.

