Latest DoS

Question

Latest DoS

shazow opened this issue 3 years ago · 7 comments

Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...6841] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...3:55819] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...55127] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...51013] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...8010] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53523] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...4630] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53522] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...38010] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:34787] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...50821] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...7950] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53524] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...8014] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:38089] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...848] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...55974] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...3682] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...53958] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...45584] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...42336] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...55139] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...51018] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...546] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...8016] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:40832] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...6410] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...53932] Failed to handshake: ssh: overflow reading version string

Past some point it prevents people from joining, will need to fix before I reboot the server again.

Hope I don't have to email anyone's principal.

Update: Looks like a SYN flood.

Answer 1 · 2021-11-29T15:00:26.000Z

Probably related:

...
[20008405.372955] TCP: request_sock_TCP: Possible SYN flooding on port 22. Sending cookies.  Check SNMP counters.
[20549841.888709] TCP: request_sock_TCP: Possible SYN flooding on port 22. Sending cookies.  Check SNMP counters.

Answer 2 · 2022-09-10T03:34:11.000Z

Has this got anywhere?

Answer 3 · 2022-09-10T17:23:09.000Z

@Declan-Reid any new information to share?

Answer 4 · 2022-09-11T07:35:04.000Z

No, how can I help?

Answer 5 · 2022-09-11T15:21:59.000Z

@Declan-Reid I think I have a proof of concept test in #407 but I haven't found a good way to mitigate it yet. Could try to reproduce it on your end, and could try to rebase the code on the latest ssh library we're using to see if it's fixed on their end. :)

Answer 6 · 2022-12-23T13:52:42.000Z

GIVE me more

Answer 7 · 2022-12-23T14:03:43.000Z

Bro I'm ngl I totally forgot about this.