SSHD Brings down my system once again

Once again my Winbox has been totally hosed by sshd. I forgot to disable it after a reboot and when I came home the machine was barely working at all.

It appears that some lamer asswipe was trying to bruteforce me, but the poor fool was looking for the root password. Heh… This is a Windows machine, and I have no user called root so he is never going to find it 🙂

Unfortunately, all these requests put strain on my poor little machine to the point where it keels over and dies. My EventViewer is overflowing with sshd events, and errors. I think the sshd service forks so many children that it runs out of working memory. And if some of the login attempts hang for the 2 minute login grace period, it is likely that the system simply cannot allocate space for other services, including registry lookups and such.

Again, I don’t think I was pwn3d. My registry is intact, and I don’t see any other signs of tampering with my system. Just the consistent brute force pounding every other day. I tweaked the sshd_config to limit the grace period to 20 sec, lowered the number of max concurrent auth attempts, and set it to drop any excessive traffic. This should help conserve resources…

However, considering the fact that Cygwin is not rock solid, I no longer feel completely safe running this service on my machine. I don’t want some silly Cygwin based buffer overflow to compromise my machine. So I’m taking sshd off again for a while. I might need to find another solution to access my desktop remotely 😛
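
The sshd_config changes described above map to the OpenSSH keywords `LoginGraceTime`, `MaxStartups` and `MaxAuthTries`. The following is an added example, not part of the original post: a small audit of those three settings over two constructed config files. Only the 20-second grace period comes from the post; the other values and the thresholds are assumptions.

```python
import re

# OpenSSH defaults from sshd_config(5), applied when a keyword is absent.
DEFAULTS = {"logingracetime": "120", "maxstartups": "10:30:100", "maxauthtries": "6"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample files; every value except the 20-second grace period is assumed.
BEFORE = "# stock settings\nLoginGraceTime 2m\n#MaxStartups 10:30:100\n#MaxAuthTries 6\n"
AFTER = "LoginGraceTime 20\nMaxStartups 3:50:10\nMaxAuthTries 3\n"

def parse_sshd_config(text):
    """Return {keyword: value} for the global section; the first occurrence wins, as in sshd."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break  # Match blocks are conditional overrides, not global settings
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def seconds(value):
    """Convert sshd time formats such as '20', '2m' or '1h30m' to seconds."""
    return sum(int(n) * UNITS[u.lower()] for n, u in re.findall(r"(\d+)([smhdw]?)", value, re.I))

def audit(text, max_grace=30, max_pending=20, max_tries=4):
    """Flag settings that let unauthenticated clients tie up sshd (thresholds are assumptions)."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    grace = seconds(cfg["logingracetime"])            # 0 means no time limit at all
    pending = int(cfg["maxstartups"].split(":")[-1])  # 'full': hard cap on unauthenticated connections
    tries = int(cfg["maxauthtries"])
    findings = []
    if grace == 0 or grace > max_grace:
        findings.append(f"LoginGraceTime {grace}s: stalled logins hold a process too long")
    if pending > max_pending:
        findings.append(f"MaxStartups allows {pending} unauthenticated connections at once")
    if tries > max_tries:
        findings.append(f"MaxAuthTries {tries}: many guesses per connection")
    return {"grace": grace, "pending": pending, "tries": tries, "findings": findings}

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text))
```

In `MaxStartups start:rate:full`, sshd begins refusing new unauthenticated connections with probability `rate`% once `start` are pending and refuses all of them at `full`, which is the "drop any excessive traffic" behaviour.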


3 Responses to “SSHD Brings down my system once again”

  1. Dan McCarron Says:

    Did you get his IP addy?


  2. Luke Says:

    Well, there were probably 7 different ones, all banging the shit out of me :O

    Might be zombies, or whatnot. I didn’t bother to investigate that much. You should have seen my Apache logs – all my traffic for the last two weeks was some assholes trying to run IIS exploits 😛

    Oh well, it should be all bouncing off the NIC right now. I’m planning to set up a Linux box for ssh 🙂

  3. Dan McCarron Says:

    I recommend Free/OpenBSD instead of Linux, Open being my first choice. You won’t need any fancy hardware to set up a fancy server. If you decide to try it and need any help/tips on setting it up, just buzz me. You can get started with a floppy and just do an FTP install, takes hardly any time on cable.

    MS != server, but you know this.

