[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: about sniffing

At 22:28 Uhr -0700 21.7.2001, Nikolay Hristov wrote:
I've found some utilities that claims that can sniff ssh1 and https
traffic (man-in-the-middle attack) -
Is it true?  And why are these certificates and SSL support for web
servers? Can someone explain why it is possible or why it isn't?

I think ssh will warn the user that the host key has changed. So
don't blindly tell ssh to accept the new one :-)

For https attacks, you will probably need an 'officially' signed
server certificate if you don't want the users' browser complain
about invalid certificates.

Why don't you try it? :-) (I'll do when I find time)


btw don't use html email

Reply to: