Re: Sniffing SSH and HTTPS



On Tue, 28 Aug 2001, Jan-Hendrik Palic wrote:

> Hi all...
> 
> I have a small question.
> 
> I found on SF a small tool, which may sniff SSH and HTTPS (not
> tested).
> 
> The URL is:
> 
> http://ettercap.sourceforge.net/
> 
> Is it possible? Are SSH and HTTPS connections insecure, and how do we
> make them secure then?

This tool performs a man-in-the-middle attack (arp/dns poisoning etc.).

ssh:
A new ssh would loudly complain that the host-key fingerprint changed
(since the private part of the key remains unknown to ettercap, preventing
the use of this public key).

There is also an analysis of the ssh packet stream revealing the number of
chars in the passwd.

https:
If the signed cert of a https server would also sign the pubkey, a browser
could also refuse to accept a connection when this key isn't used in the
session key exchange.

But I don't believe https & browsers work this way.


Attacks can still be done when the fingerprint is unknown (e.g. first
connect to the box) or brute-force on fingerprint / rsa / dsa.

[RicV]
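
Added example, not part of the original message: a sketch of the host-key check discussed above, covering the pinned key that matches, the key that changed, and the first connect where no fingerprint is known yet. Host names, keys and function names are constructed for illustration; only plain (unhashed) known_hosts lines are handled.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 public-key blob, in OpenSSH display form."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_known_hosts(text):
    """Map (host, keytype) -> key blob for plain known_hosts lines."""
    pins = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if len(parts) < 3 or parts[0][0] in "#@|":
            continue
        for host in parts[0].split(","):
            pins[(host, parts[1])] = base64.b64decode(parts[2])
    return pins

def check_host_key(pins, host, keytype, offered_b64):
    """Return (status, fingerprint of the offered key)."""
    pinned = pins.get((host, keytype))
    if pinned is None:
        status = "UNKNOWN"   # first connect: nothing to compare against
    elif pinned == base64.b64decode(offered_b64):
        status = "MATCH"
    else:
        status = "CHANGED"   # differs from the pin: interposed host or re-keyed server
    return status, fingerprint(offered_b64)

def constructed_key(fill):
    """Constructed sample: ssh-ed25519 wire blob around a dummy 32-byte key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

SERVER_KEY = constructed_key(0x11)   # pinned on an earlier, trusted connect
OTHER_KEY = constructed_key(0x22)    # different key offered on a later connect
KNOWN_HOSTS = ("# constructed sample\n"
               "box.example.org,192.0.2.10 ssh-ed25519 " + SERVER_KEY + " admin@lab\n")

if __name__ == "__main__":
    pins = load_known_hosts(KNOWN_HOSTS)
    for host, key in [("box.example.org", SERVER_KEY), ("192.0.2.10", OTHER_KEY),
                      ("new.example.org", SERVER_KEY)]:
        print(host, *check_host_key(pins, host, "ssh-ed25519", key))
```

In the UNKNOWN case the printed fingerprint is the value to compare against one obtained from the server's administrator over a separate channel before accepting the key.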