[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remote IP (and hot to server-side disconnect)
[Thread Prev] | [Thread Next]
- Subject: Re: Remote IP (and hot to server-side disconnect)
- From: keneto@xxxxxxxxxxxxx
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 30 May 2025 08:11:44 -0400
- To: libssh@xxxxxxxxxx
After much field-exploration, I have determined the source of thefreezes as ssh_handle_key_exchange()
The server code enters here and never returns. No exception is thrown...it simply goes poof in there.
And you know you're in no-man's land when Google can only find a handfulof matches such as this one from 12 yrs ago:
https://libssh.libssh.narkive.com/aV5Drqf2/callbacks-and-ssh-handle-key-exchange-dead-lock Plus this fascinating one from 2025: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day The latter makes me wonder if my bad actors are trying to exploit the zero-day to get shell access and causing the freezes. While I know exactly where the freeze occurs, I haven't been able to pinpoint external patterns. It may occur after 400-500 clients or as little astwo.
Really curious about how to get the IP address now to see if it's originating from the same zone
| Remote IP (and hot to server-side disconnect) | keneto@xxxxxxxxxxxxx |
| Re: Remote IP (and hot to server-side disconnect) | keneto@xxxxxxxxxxxxx |