Reset Search
 

 

Article

Enabling HostDos Blocks SSH to S-Series

« Go Back

Information

 
TitleEnabling HostDos Blocks SSH to S-Series
Symptoms
  • Enable HostDos
  • SSH session breaks
  • No new SSH session connect
Environment
  • S-Series
  • Firmware lower than 8.31.01.0005
Cause
Firmware bug
Resolution
Upgrade to 8.31.01.0005

Release notes say
HostDos Problems Corrected in 8.31.01.0005 Introduced in Version:
Enabling the HostDoS portScan feature mistakenly filters inbound packets on port 22 when SSH is enabled. HostDoS should only filter these packets when SSH is disabled. This may render the switches SSH server inoperable, and the DoS attack detection logic may produce false positives. A workaround is to not enable HostDos portScan, or to enable it but with a relatively high portScan rate limit. Another workaround is to disable and then re-enable SSH (via a Telnet or console connection). However, the problem will return following a system reboot.
Additional notes

Command to increase rate
hostDos Portscan rate 10 per-second

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255