[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remote IP (and hot to server-side disconnect)
[Thread Prev] | [Thread Next]
- Subject: Re: Remote IP (and hot to server-side disconnect)
- From: keneto@xxxxxxxxxxxxx
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 30 May 2025 08:11:44 -0400
- To: libssh@xxxxxxxxxx
After much field-exploration, I have determined the source of thefreezes as ssh_handle_key_exchange()
The server code enters here and never returns. No exception is thrown...it simply goes poof in there.
And you know you're in no-man's land when Google can only find a handfulof matches such as this one from 12 yrs ago:
https://libssh.libssh.narkive.com/aV5Drqf2/callbacks-and-ssh-handle-key-exchange-dead-lock Plus this fascinating one from 2025: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day The latter makes me wonder if my bad actors are trying to exploit the zero-day to get shell access and causing the freezes. While I know exactly where the freeze occurs, I haven't been able to pinpoint external patterns. It may occur after 400-500 clients or as little astwo.
Really curious about how to get the IP address now to see if it's originating from the same zone
Remote IP (and hot to server-side disconnect) | keneto@xxxxxxxxxxxxx |
Re: Remote IP (and hot to server-side disconnect) | keneto@xxxxxxxxxxxxx |