[Info-vax] runaway TCP/IP ssh server processes

[Michael Moroney]

VAXman-  @SendSpamHere.ORG writes:

>Periodically, I am finding TCPIP$SSH_xxxx server processes consuming large
>amounts of CPU time.  These tend to bring the system to its knees.  There's
>no doubt that it's being precipitated by some attempt to exploit ssh.  Has
>anybody experienced this?  Any clues as to how these processes gets in this
>state and or how to thwart it?

Yes, I've seen this a lot.  Hackers (rather script kiddie scripts) 
discover a system with SSH and start to pound on it.  One thing you can do
is move SSH to an alternate port.  Something I did over 10 years ago is
write software that listens to the audit server for breakin notifications
and block the net range it's coming from (usually zombie PCs all over the
world).

SSH processes getting wedged may be due to VMS SSH having the exploits
the hackers are looking for, but because it's VMS, not Windoze/Linux, it 
doesn't behave as expected.