Comments on: Tiger: Differences between stock and Apple OpenSSH http://www.theconsultant.net/2005/06/tiger-openssh-and-srv-resolution/ Simplicity is complicated. Sun, 31 Aug 2008 17:35:28 -0400 http://wordpress.org/?v=2.9.1 hourly 1 By: shiftzwei » Blog Archive » Mac OS X und Openssh http://www.theconsultant.net/2005/06/tiger-openssh-and-srv-resolution/comment-page-1/#comment-1766 shiftzwei » Blog Archive » Mac OS X und Openssh Thu, 20 Oct 2005 17:05:58 +0000 http://www.theconsultant.net/archives/2005/06/25/tiger-openssh-and-srv-resolution/#comment-1766 [...] openssh von Haus aus, allerdings hat Apple ein paar Modifikationen hinzugefügt (mehr dazu hier). Die schnellste Möglichkeit openssh zu benutzen ist da [...] [...] openssh von Haus aus, allerdings hat Apple ein paar Modifikationen hinzugefügt (mehr dazu hier). Die schnellste Möglichkeit openssh zu benutzen ist da [...]

]]> By: DouglasDD http://www.theconsultant.net/2005/06/tiger-openssh-and-srv-resolution/comment-page-1/#comment-1757 DouglasDD Thu, 01 Sep 2005 02:42:36 +0000 http://www.theconsultant.net/archives/2005/06/25/tiger-openssh-and-srv-resolution/#comment-1757 The same DNS behavior that you describe is about to get me and my Mac (10.4.2) banned / disconnected by my ISP (Rogers.com), who say that my box is abusing their DNS to the tune of dozens of queries per second! When they say the abuse was happening I was running 10.4.2, I’ve just now updated to Security Update 2005-007 (v1.1) - but have no way to tell if the issue is fixed or not until after they ban me (again) - their 2nd level tech support ("EULA enforcement team") was no real help. So far this page, and the other blog linked from here are my only sources of real information, but as a Java guy (not a network guy) I'm way out of my depth trying to understand what's going on. I seem to have the same ssh binary as you do - 10.4.2 w/ Sec-Updt 2005-007(1.1): b582a5b1da5999b6832dec6cb9477917 /usr/bin/ssh a928873e32134ef8b21ed3082b744b5c /usr/sbin/sshd My next step is to try building OpenSSH_p and run the resulting sshd instead of /usr/sbin/sshd (thanks for the tip!) In the meantime I've disabled the sshd on both the Mac and the GentooLinux box just to be safe. (Don't know how I'll manage without being able to ssh back home from work, but hopefully I can continue like this until I get a replacement sshd FYI, their auto-generated nasty-gram included the following log snippet: Date Time, Src, Query, Query type 2005-08-24 10:03:02.87574, 24.157.68.55, telnet.tcp.quickbeam.rogers.com., Internet Unknow 2005-08-24 10:03:02.89364, 24.157.68.55, quickbeam.slnt.phub.net.cable.rogers.com., Internet Addr ? 2005-08-24 10:03:02.91165, 24.157.68.55, quickbeam.slnt.phub.net.cable.rogers.com., Internet Addr ? 2005-08-24 10:03:02.92965, 24.157.68.55, quickbeam.phub.net.cable.rogers.com., Internet Addr ? 2005-08-24 10:03:02.94782, 24.157.68.55, quickbeam.phub.net.cable.rogers.com., Internet Addr ? Date Time,Dst,Query,Response 2005-08-24 10:03:2.87637,24.157.68.55,Error:,3(Name Error) 2005-08-24 10:03:2.89392,24.157.68.55,Error:,3(Name Error) 2005-08-24 10:03:2.91205,24.157.68.55,Error:,3(Name Error) 2005-08-24 10:03:2.93289,24.157.68.55,Error:,3(Name Error) 2005-08-24 10:03:2.94814,24.157.68.55,Error:,3(Name Error) ...where "quickbeam" is the host name of my Mac (behind a Cable/DSL Router) Many thanks for the info, ./ddd PS - appologies for the (mis-?)formatting but a quick look turned up no post-syntax guide. The same DNS behavior that you describe is about to get me and my Mac (10.4.2) banned / disconnected by my ISP (Rogers.com), who say that my box is abusing their DNS to the tune of dozens of queries per second!

When they say the abuse was happening I was running 10.4.2, I’ve just now updated to Security Update 2005-007 (v1.1) – but have no way to tell if the issue is fixed or not until after they ban me (again) – their 2nd level tech support (“EULA enforcement team”) was no real help.

So far this page, and the other blog linked from here are my only sources of real information, but as a Java guy (not a network guy) I’m way out of my depth trying to understand what’s going on.

I seem to have the same ssh binary as you do – 10.4.2 w/ Sec-Updt 2005-007(1.1):
b582a5b1da5999b6832dec6cb9477917 /usr/bin/ssh
a928873e32134ef8b21ed3082b744b5c /usr/sbin/sshd

My next step is to try building OpenSSH_p and run the resulting sshd instead of /usr/sbin/sshd (thanks for the tip!)

In the meantime I’ve disabled the sshd on both the Mac and the GentooLinux box just to be safe. (Don’t know how I’ll manage without being able to ssh back home from work, but hopefully I can continue like this until I get a replacement sshd

FYI, their auto-generated nasty-gram included the following log snippet:

Date Time, Src, Query, Query type
2005-08-24 10:03:02.87574, 24.157.68.55, telnet.tcp.quickbeam.rogers.com., Internet Unknow
2005-08-24 10:03:02.89364, 24.157.68.55, quickbeam.slnt.phub.net.cable.rogers.com., Internet Addr ?
2005-08-24 10:03:02.91165, 24.157.68.55, quickbeam.slnt.phub.net.cable.rogers.com., Internet Addr ?
2005-08-24 10:03:02.92965, 24.157.68.55, quickbeam.phub.net.cable.rogers.com., Internet Addr ?
2005-08-24 10:03:02.94782, 24.157.68.55, quickbeam.phub.net.cable.rogers.com., Internet Addr ?

Date Time,Dst,Query,Response
2005-08-24 10:03:2.87637,24.157.68.55,Error:,3(Name Error)
2005-08-24 10:03:2.89392,24.157.68.55,Error:,3(Name Error)
2005-08-24 10:03:2.91205,24.157.68.55,Error:,3(Name Error)
2005-08-24 10:03:2.93289,24.157.68.55,Error:,3(Name Error)
2005-08-24 10:03:2.94814,24.157.68.55,Error:,3(Name Error)

…where “quickbeam” is the host name of my Mac (behind a Cable/DSL Router)

Many thanks for the info,
./ddd

PS – appologies for the (mis-?)formatting but a quick look turned up no post-syntax guide.

]]> By: Adam Sherman On-Line http://www.theconsultant.net/2005/06/tiger-openssh-and-srv-resolution/comment-page-1/#comment-1744 Adam Sherman On-Line Sun, 26 Jun 2005 13:35:05 +0000 http://www.theconsultant.net/archives/2005/06/25/tiger-openssh-and-srv-resolution/#comment-1744 <strong>Apple’s Patched OpenSSH doing SRV lookups?</strong> Recently, while trying to figure out why ssh is taking so long to connect to many systems under Mac OS X 10.4.1, I sniffed the DNS traffic. ... Apple’s Patched OpenSSH doing SRV lookups?

Recently, while trying to figure out why ssh is taking so long to connect to many systems under Mac OS X 10.4.1, I sniffed the DNS traffic.

]]>