diff options
Diffstat (limited to 'deattack.c')
| -rw-r--r-- | deattack.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/deattack.c b/deattack.c index b4fed7f85..1b37e4dab 100644 --- a/deattack.c +++ b/deattack.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: deattack.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Cryptographic attack detector for ssh - source code | 3 | * Cryptographic attack detector for ssh - source code |
| 4 | * | 4 | * |
| @@ -32,6 +32,24 @@ | |||
| 32 | #include "crc32.h" | 32 | #include "crc32.h" |
| 33 | #include "misc.h" | 33 | #include "misc.h" |
| 34 | 34 | ||
| 35 | /* | ||
| 36 | * CRC attack detection has a worst-case behaviour that is O(N^3) over | ||
| 37 | * the number of identical blocks in a packet. This behaviour can be | ||
| 38 | * exploited to create a limited denial of service attack. | ||
| 39 | * | ||
| 40 | * However, because we are dealing with encrypted data, identical | ||
| 41 | * blocks should only occur every 2^35 maximally-sized packets or so. | ||
| 42 | * Consequently, we can detect this DoS by looking for identical blocks | ||
| 43 | * in a packet. | ||
| 44 | * | ||
| 45 | * The parameter below determines how many identical blocks we will | ||
| 46 | * accept in a single packet, trading off between attack detection and | ||
| 47 | * likelihood of terminating a legitimate connection. A value of 32 | ||
| 48 | * corresponds to an average of 2^40 messages before an attack is | ||
| 49 | * misdetected | ||
| 50 | */ | ||
| 51 | #define MAX_IDENTICAL 32 | ||
| 52 | |||
| 35 | /* SSH Constants */ | 53 | /* SSH Constants */ |
| 36 | #define SSH_MAXBLOCKS (32 * 1024) | 54 | #define SSH_MAXBLOCKS (32 * 1024) |
| 37 | #define SSH_BLOCKSIZE (8) | 55 | #define SSH_BLOCKSIZE (8) |
| @@ -87,7 +105,7 @@ detect_attack(u_char *buf, u_int32_t len) | |||
| 87 | static u_int16_t *h = (u_int16_t *) NULL; | 105 | static u_int16_t *h = (u_int16_t *) NULL; |
| 88 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; | 106 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; |
| 89 | u_int32_t i, j; | 107 | u_int32_t i, j; |
| 90 | u_int32_t l; | 108 | u_int32_t l, same; |
| 91 | u_char *c; | 109 | u_char *c; |
| 92 | u_char *d; | 110 | u_char *d; |
| 93 | 111 | ||
| @@ -124,10 +142,12 @@ detect_attack(u_char *buf, u_int32_t len) | |||
| 124 | } | 142 | } |
| 125 | memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); | 143 | memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); |
| 126 | 144 | ||
| 127 | for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { | 145 | for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { |
| 128 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; | 146 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; |
| 129 | i = (i + 1) & (n - 1)) { | 147 | i = (i + 1) & (n - 1)) { |
| 130 | if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { | 148 | if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { |
| 149 | if (++same > MAX_IDENTICAL) | ||
| 150 | return (DEATTACK_DOS_DETECTED); | ||
| 131 | if (check_crc(c, buf, len)) | 151 | if (check_crc(c, buf, len)) |
| 132 | return (DEATTACK_DETECTED); | 152 | return (DEATTACK_DETECTED); |
| 133 | else | 153 | else |