Git
/
ssh-audit
mirror of https://github.com/jtesta/ssh-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revised connection rate warning during standard audits.

This commit is contained in:
Joe Testa 2024-04-22 11:58:52 -04:00
parent 46b89fff2e
commit 3c459f1428
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssh_audit/dheat.py
View File

@ -51,7 +51,7 @@ class DHEat:
MAX_SAFE_RATE = 20.0
# The warning added to DH algorithms in the UI when dh_rate_test determines that no throttling is being done.
DHEAT_WARNING = "Potentially insufficient connection throttling detected, resulting in possible vulnerability to the DHEat DoS attack (CVE-2002-20001). Suppress this test and message with the --skip-rate-test option. Additional info: {connections:d} connections were created in {time_elapsed:.3f} seconds, or {rate:.1f} conns/sec; server must respond with a rate less than {max_safe_rate:.1f} conns/sec to be considered safe."
DHEAT_WARNING = "Potentially insufficient connection throttling detected, resulting in possible vulnerability to the DHEat DoS attack (CVE-2002-20001). {connections:d} connections were created in {time_elapsed:.3f} seconds, or {rate:.1f} conns/sec; server must respond with a rate less than {max_safe_rate:.1f} conns/sec per IPv4/IPv6 source address to be considered safe. For rate-throttling options, please see <https://www.ssh-audit.com/hardening_guides.html>. Suppress this test and message with the --skip-rate-test option."
# List of the Diffie-Hellman group exchange algorithms this test supports.
gex_algs = [