diff options
Diffstat (limited to 'deattack.c')
-rw-r--r-- | deattack.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/deattack.c b/deattack.c index b4fed7f85..1b37e4dab 100644 --- a/deattack.c +++ b/deattack.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: deattack.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Cryptographic attack detector for ssh - source code | 3 | * Cryptographic attack detector for ssh - source code |
4 | * | 4 | * |
@@ -32,6 +32,24 @@ | |||
32 | #include "crc32.h" | 32 | #include "crc32.h" |
33 | #include "misc.h" | 33 | #include "misc.h" |
34 | 34 | ||
35 | /* | ||
36 | * CRC attack detection has a worst-case behaviour that is O(N^3) over | ||
37 | * the number of identical blocks in a packet. This behaviour can be | ||
38 | * exploited to create a limited denial of service attack. | ||
39 | * | ||
40 | * However, because we are dealing with encrypted data, identical | ||
41 | * blocks should only occur every 2^35 maximally-sized packets or so. | ||
42 | * Consequently, we can detect this DoS by looking for identical blocks | ||
43 | * in a packet. | ||
44 | * | ||
45 | * The parameter below determines how many identical blocks we will | ||
46 | * accept in a single packet, trading off between attack detection and | ||
47 | * likelihood of terminating a legitimate connection. A value of 32 | ||
48 | * corresponds to an average of 2^40 messages before an attack is | ||
49 | * misdetected | ||
50 | */ | ||
51 | #define MAX_IDENTICAL 32 | ||
52 | |||
35 | /* SSH Constants */ | 53 | /* SSH Constants */ |
36 | #define SSH_MAXBLOCKS (32 * 1024) | 54 | #define SSH_MAXBLOCKS (32 * 1024) |
37 | #define SSH_BLOCKSIZE (8) | 55 | #define SSH_BLOCKSIZE (8) |
@@ -87,7 +105,7 @@ detect_attack(u_char *buf, u_int32_t len) | |||
87 | static u_int16_t *h = (u_int16_t *) NULL; | 105 | static u_int16_t *h = (u_int16_t *) NULL; |
88 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; | 106 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; |
89 | u_int32_t i, j; | 107 | u_int32_t i, j; |
90 | u_int32_t l; | 108 | u_int32_t l, same; |
91 | u_char *c; | 109 | u_char *c; |
92 | u_char *d; | 110 | u_char *d; |
93 | 111 | ||
@@ -124,10 +142,12 @@ detect_attack(u_char *buf, u_int32_t len) | |||
124 | } | 142 | } |
125 | memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); | 143 | memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); |
126 | 144 | ||
127 | for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { | 145 | for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { |
128 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; | 146 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; |
129 | i = (i + 1) & (n - 1)) { | 147 | i = (i + 1) & (n - 1)) { |
130 | if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { | 148 | if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { |
149 | if (++same > MAX_IDENTICAL) | ||
150 | return (DEATTACK_DOS_DETECTED); | ||
131 | if (check_crc(c, buf, len)) | 151 | if (check_crc(c, buf, len)) |
132 | return (DEATTACK_DETECTED); | 152 | return (DEATTACK_DETECTED); |
133 | else | 153 | else |