Brett Glass wrote:
Because a potential intruder can establish multiple or "tag-teamed" TCP
sessions (possibly from different IPs) to the SSH server, a per-session limit
is barely useful and will not slow a determined attacker. A global limit
might, but would enable DoS attacks.
If you run ssh
FreeBSD-SA-15:13.tcp Security Advisory
The FreeBSD Project
Topic:
Hi,
V. Solution
Perform one of the following:
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
c) Recompile your kernel as described in
https://www.FreeBSD.org/handbook/kernelconfig.ht
IV. Workaround
No workaround is available, but systems that do not provide TCP based
service to untrusted networks are not vulnerable.
Note that the tcpdrop(8) utility can be used to purge connections which
have become wedged. For example, the following command can be used to
generate comman