Terminally Incoherent

Utterly random, incoherent and disjointed rants and ramblings...

Tuesday, February 07, 2006

SSHD Brings down my system once again

Once again my Winbox has been totally hosed by sshd. I forgot to disable it after a reboot and when I came home the machine was barely working at all.

It appears that some lamer asswipe was trying to bruteforce me, but poor fool was looking for root password. Heh... This is a windows machine, and I have no user called root so he is never going to find it :)

Unfortunately, all these requests put strain on my poor little machine to the point where it keels over and dies. My EventViewer is overflowing with sshd events, and errors. I think the sshd service forks so many children that it runs out of working memory. And if some of the login attempts hang for the 2 minute login grace period, it is likely that the system simply cannot allocate space for other services, including registry lookups and such.

Again, I don't think I was pwn3d. My registry is intact, and I don't see any other signs of tampering with my system. Just the consistent brute force pounding every other day. I tweeked the sshd_config to limit the grace period to 20 sec, lowered the number of max concurrent auth attempts and to drop any excessive traffic. This should help conserving the resources...

However, considering the fact that cygwin is not rock solid, I no longer feel completely safe running this service on my machine. I don't want some silly cygwin based buffer overflow to compromise my machine. So I'm taking sshd off again for a while. I might need to find another solution to access my desktop remotely :P

3 Comments:

  • At Sat Feb 11, 04:48:00 AM, Anonymous Dan McCarron said…

    Did you get his IP addy?

    //Dan

     
  • At Sat Feb 11, 04:53:00 PM, Blogger Luke said…

    Well, there were probably 7 different ones, all banging the shit out of me :O

    Might be zombies, or whatnot. I didn't bother to investigate that much. You should have seen my apache logs - all my traffic for two last weeks were some assholes trying to run IIS exploits :P

    Oh well, it should be all bouncing off the NIC right now. I'm planning to set up a linux box for ssh :)

     
  • At Mon Feb 13, 03:08:00 AM, Anonymous Dan McCarron said…

    I recommend Free/OpenBSD instead of linux, Open being my first choice. you won't need any fancy hardware to setup a fancy server. If you decide to try it and need any help/tips on setting it up, just buzz me. You can get started with a floppy and just do an ftp install , takes hardly any time on cable.

    MS!=server , but you know this.

    //Dan

     

Post a Comment

Links to this post:

Create a Link

<< Home