Latest DoS #406

Open
shazow opened this issue Nov 26, 2021 · 7 comments

@shazow
Owner

shazow commented Nov 26, 2021

Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...6841] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...3:55819] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...55127] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...51013] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...8010] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53523] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...4630] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53522] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...38010] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:34787] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...50821] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...7950] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53524] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...8014] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:38089] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...848] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...55974] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...3682] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...53958] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...45584] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...42336] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...55139] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...51018] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...546] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...8016] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:40832] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...6410] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...53932] Failed to handshake: ssh: overflow reading version string

Past some point it prevents people from joining, will need to fix before I reboot the server again.

Hope I don't have to email anyone's principal.

Update: Looks like a SYN flood.

@shazow
Owner Author

shazow commented Nov 29, 2021

Probably related:

...
[20008405.372955] TCP: request_sock_TCP: Possible SYN flooding on port 22. Sending cookies.  Check SNMP counters.
[20549841.888709] TCP: request_sock_TCP: Possible SYN flooding on port 22. Sending cookies.  Check SNMP counters.
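
Added example, not part of the thread and not ssh-chat code: a small Go log triage over the two kinds of lines quoted above, counting `overflow reading version string` handshake failures per second and collecting the ports named in kernel SYN-flood warnings. The sample log is constructed (peer addresses are documentation-range placeholders), and `Analyze`, `Report` and the threshold of 3 are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample in the shape of the lines quoted in the issue; the peer
// addresses are documentation-range placeholders, not values from the issue.
const sampleLog = `Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [192.0.2.10:55819] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [192.0.2.12:53523] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [192.0.2.13:53522] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [192.0.2.14:34787] Failed to handshake: ssh: overflow reading version string
[20008405.372955] TCP: request_sock_TCP: Possible SYN flooding on port 22. Sending cookies.  Check SNMP counters.`

var (
	handshakeRe = regexp.MustCompile(`\[sshd\] (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[[^\]]*\] Failed to handshake: ssh: overflow reading version string`)
	synFloodRe  = regexp.MustCompile(`Possible SYN flooding on port (\d+)`)
)

// Report: failures per second, seconds at/above threshold, SYN-flood ports.
type Report struct {
	PerSecond map[string]int
	Bursts    []string
	SynPorts  []string
}

// Analyze scans log text line by line; threshold is an operator-chosen value.
func Analyze(log string, threshold int) Report {
	r := Report{PerSecond: map[string]int{}}
	for _, line := range strings.Split(log, "\n") {
		if m := handshakeRe.FindStringSubmatch(line); m != nil {
			r.PerSecond[m[1]]++ // key is the server's own timestamp
		} else if m := synFloodRe.FindStringSubmatch(line); m != nil {
			r.SynPorts = append(r.SynPorts, m[1])
		}
	}
	for ts, n := range r.PerSecond {
		if n >= threshold {
			r.Bursts = append(r.Bursts, ts)
		}
	}
	sort.Strings(r.Bursts)
	return r
}

func main() { fmt.Println(Analyze(sampleLog, 3)) }
```

The address field is matched as an opaque bracketed token, so lines with a redacted peer such as `[...SNIP...6841]` are counted as well.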

@Declan-Reid

Has this got anywhere?

@shazow
Owner Author

shazow commented Sep 10, 2022

@Declan-Reid any new information to share?

@Declan-Reid

No, how can I help?

@shazow
Owner Author

shazow commented Sep 11, 2022

@Declan-Reid I think I have a proof of concept test in #407 but I haven't found a good way to mitigate it yet. Could try to reproduce it on your end, and could try to rebase the code on the latest ssh library we're using to see if it's fixed on their end. :)

@ghost

ghost commented Dec 23, 2022

GIVE me more

@Declan-Reid

Bro I'm ngl I totally forgot about this.
