Our ns1.grapheneos.org DNS server was targeted by a DoS attack yesterday. They didn't target the DNS service but rather... SSH. That's a new one.
Can see the traffic spike but it was hardly anything compared to the usual attacks. Still, SSH buckled.
nodeping.com/reports/status
Hmmm just in time (31 aug)
Package : libssh
CVE ID : CVE-2021-3634
Debian Bug : 993046
It was discovered that a buffer overflow in rekeying in libssh could
result in denial of service or potentially the execution of arbitrary
code.
It's OpenSSH 8.7p1 so it's not like there are any publicly known vulnerabilities. libssh is a totally separate thing from OpenSSH.
Sure thing, but attackers may not know that... oh wait, ssh does disclose that info during handshake right?
You can try `ssh -vvv root@ns1.grapheneos.org` and see that it discloses it.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.7
Our configuration is at github.com/GrapheneOS/inf. We just disable password authentication and the legacy cryptography support.
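
An added example, not part of the thread or of GrapheneOS's configuration: the `debug1` line above is the client echoing the server's cleartext identification string, and this sketch parses that string per RFC 4253 section 4.2 to show which fields are disclosed before any authentication, including whether the implementation is OpenSSH or libssh. The banner byte strings are constructed samples, and splitting the software field on `_` into product and version is an assumption about naming convention, not something the RFC requires.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# softwareversion is printable US-ASCII, excluding whitespace and '-'.
_ID_RE = re.compile(r"^SSH-([^-\s]+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")
MAX_ID_LEN = 255  # whole identification line, CR LF included

# Constructed sample banners (not captured from any server).
CONSTRUCTED_BANNERS = [
    b"SSH-2.0-OpenSSH_8.7\r\n",
    b"notice line\r\nSSH-2.0-libssh_0.9.5 constructed-comment\r\n",
]


def parse_ssh_identification(raw: bytes) -> dict:
    """Parse what an SSH server sends in cleartext before key exchange."""
    pre_banner = []
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", errors="replace")
        if not text.startswith("SSH-"):
            # Servers may send free-form lines before the version string.
            if text:
                pre_banner.append(text)
            continue
        if len(line) + 1 > MAX_ID_LEN:  # +1 for the LF removed by split()
            raise ValueError("identification string longer than 255 bytes")
        m = _ID_RE.match(text)
        if m is None:
            raise ValueError(f"malformed identification string: {text!r}")
        proto, software, comments = m.groups()
        # Assumption: "Product_Version" naming; the RFC does not mandate it.
        product, _, version = software.partition("_")
        return {
            "protoversion": proto,
            "softwareversion": software,
            "product": product,
            "version": version or None,
            "comments": comments,
            "pre_banner": pre_banner,
        }
    raise ValueError("no SSH identification line found")


if __name__ == "__main__":
    for banner in CONSTRUCTED_BANNERS:
        print(parse_ssh_identification(banner))
```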

