From owner-doc-jp@jp.freebsd.org  Sun Feb 25 02:32:17 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id CAA21805;
	Sun, 25 Feb 2001 02:32:17 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from mfo00.iij.ad.jp (mfo00.iij.ad.jp [202.232.2.117])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id CAA21800
	for <doc-jp@jp.freebsd.org>; Sun, 25 Feb 2001 02:32:16 +0900 (JST)
	(envelope-from kiroh@pp.iij4u.or.jp)
Received: from pp.iij4u.or.jp (pp.iij4u.or.jp [210.130.0.40])
	by mfo00.iij.ad.jp (8.8.8/MFO1.3) with ESMTP id CAA15471
	for <doc-jp@jp.freebsd.org>; Sun, 25 Feb 2001 02:32:16 +0900 (JST)
Received: from 192 (e130112.ppp.asahi-net.or.jp [211.13.130.112])
	by pp.iij4u.or.jp (8.8.8+2.2IIJ/4U1.1) with ESMTP id CAA06111
	for <doc-jp@jp.freebsd.org>; Sun, 25 Feb 2001 02:32:15 +0900 (JST)
To: doc-jp@jp.freebsd.org
From: Kiroh HARADA <kiroh@pp.iij4u.or.jp>
References: <200102072038.f17KcB513558@freefall.freebsd.org>
	<20010225.014504.08314398.hrs@eos.ocn.ne.jp>
In-Reply-To: <20010225.014504.08314398.hrs@eos.ocn.ne.jp>
Message-Id: <200102250230.DJE45570.JIPLS@pp.iij4u.or.jp>
X-Mailer: Winbiff without EditX [Version 2.31PL6]
Date: Sun, 25 Feb 2001 02:30:29 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 8004
Subject: [doc-jp 8004] Re: ANNOUNCE: FreeBSD Ports Security Advisory:FreeBSD-SA-01:22.dc20ctrl
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: kiroh@pp.iij4u.or.jp

$B$O$i$@!w?@8M$G$9!#(B
$B$:$$$V$s!"=P$F$/$k$N$O5W$7$V$j$J5$$,$7$^$9!#(B

<20010225.014504.08314398.hrs@eos.ocn.ne.jp> $B$N!"(B
   "[doc-jp 8003] Re: ANNOUNCE: FreeBSD Ports Security Advisory:FreeBSD-SA-01:22.dc20ctrl" $B$K$*$$$F!"(B
   "Hiroki Sato <hrs@eos.ocn.ne.jp>"$B$5$s$O=q$-$^$7$?!'(B

>  01:24 $B$O2<5-$NItJ,!"FC$K(B On average.. $B$+$i$N0lJ8$NLu$,$*$+$7$$$H(B
>  $B;W$&$N$G!"LuJ8Jg=8$G$9!#(B
> 
>   # to have a high chance of succeeding $B$N<gBN$,(B
>   # $BNI$/J,$+$i$s$G$9!#(B
> 
>   |This attack is mitigated by the requirement to initiate large
>   |numbers of SSH1 protocol connections to the server during the
>   |lifetime of the key.  On average a sustained connection rate of
>   |around 400 connections and SSH1 protocol handshakes must be carried
>   |out per second to have a high chance of succeeding within the 1 hour
>   |lifetime of the server key.  OpenSSH contains rate-limiting code
>   |which will limit the number of outstanding connections to a fraction
>   |of this number in the default configuration, and computational and
>   |network limitations may reduce this number still further.
>   |
>   |$B$3$N967b$O(B, $B0l;~%5!<%P80$NM-8z4|4VFb$N?75,(B SSH1 $B%W%m%H%3%k@\B3?t$r(B
>   |$BB?$/@_Dj$9$k$3$H$G4KOB$9$k$3$H$,$G$-$^$9(B.  $B967b$r<u$1$J$$$?$a$K$O(B,
>   |$B0l;~%5!<%P80$NM-8z4|4V(B, $B$D$^$j(B 1 $B;~4V0JFb$K%5!<%P$,<u$1F~$l$kM-8z$J@\B3$H(B
>   |SSH1 $B%W%m%H%3%k$N%O%s%I%7%'%$%/$,(B, $BKhICJ?6Q$7$F(B 400 $B@\B3A08eI,MW$K$J$j$^$9(B.
>   |OpenSSH $B$K$O(B, $B?75,@\B3?t$rI8=`$G@_Dj$5$l$?3d9g$K@)8B$9$k$?$a$N%3!<%I$,(B
>   |$B4^$^$l$F$*$j(B, $B<B:]$N@\B3?t$O$5$i$K(B, $B7W;;5!$NG=NO$*$h$S%M%C%H%o!<%/$N(B
>   |$BJ*M}E*$JB.EY$N8B3&$K$h$C$F@)8B$5$l$^$9(B.

$B$3$N967b$O!"%5!<%P80$NM-8z4|4VFb$KB??t$N(B SSH1 $B%W%m%H%3%k@\B3$r3NN)$7$J$1$l$P$J(B
$B$i$J$$$?$a!"$=$l$[$I6<0R$G$O$"$j$^$;$s!##1;~4V$N%5!<%P80$NM-8z4|4VFb$K!"$3$N96(B
$B7b$r9b$$3NN($G@.8y$5$;$k$?$a$K$O!"J?6Q$7$F!"KhICLs#4#0#02s$N(B SSH1 $B%W%m%H%3%k(B
$B%O%s%I%7%'%$%/$*$h$S@\B3$r9T$&I,MW$,$"$j$^$9!#(BOpenSSH $B$K$O%G%U%)%k%H$N@_Dj$G!"(B
$BKhIC$"$?$j$N@\B32DG=2s?t$r$3$N?t$h$j$+$J$j>/$J$/$9$k%3!<%I$,4^$^$l$F$$$^$9$7!"(B
$B7W;;5!$NG=NO$d%M%C%H%o!<%/$N@)8B$K$h$j!"2DG=$J@\B32s?t$O$5$i$K>/$J$/$J$k>l9g$b(B
$B$"$k$G$7$g$&!#(B

$B$/$i$$$G!"$$$+$,$G$7$g$&$+!)967b$KBP$9$kBP:v$G$O$J$/$F!"967b$NFq$7$5$r;XE&$7$?(B
$BJ8=q$G$9$M!#(B

$B$O$i$@$-$m$&(B
