[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: about sniffing

On Sat, Jul 21, 2001 at 09:27:03PM +0100, Christian Jaeger wrote:
> At 22:28 Uhr -0700 21.7.2001, Nikolay Hristov wrote:
> >I've found some utilities that claims that can sniff ssh1 and https
> >traffic (man-in-the-middle attack) -
> ><http://ettercap.sourceforge.net>http://ettercap.sourceforge.net
> >Is it true?? And why are these certificates and SSL support for web
> >servers? Can someone explain why it is possible or why it isn't?
> I think ssh will warn the user that the host key has changed. So
> don't blindly tell ssh to accept the new one :-)
the ssh1 protocol is indeed vulnerable to the man-in-the-middle attack,
use the ssh2 protocol instead, afaik it's not vulnerable, that's one of
the reason the ssh2 protocol is promoted now, it's not supported by the
ssh version in potato though, you might be able to upgrade it

> For https attacks, you will probably need an 'officially' signed
> server certificate if you don't want the users' browser complain
> about invalid certificates.
> Why don't you try it? :-) (I'll do when I find time)
> Name:           Alson van der Meulen      <
> Personal:        alson@flutnet.org        <
> School:       alson@gymnasiumleiden.nl    <
Ummm... Didn't you say you turned it off?

Reply to: