Re: Probable SSH Vulnerability
On Sun, 15 Jun 2003 09:01:00 +0200, Florian Weimer wrote:
>Tim Peeler <thp@linux00.LinuxForce.net> writes:
>
>> I've come to the conclusion that the SSH1 protocol is the most
>> likely cause of this problem.
>
>Attacks on the SSH v1 protocol are relatively sophisticated. It's
>more likely that some token used for authentication (password, RSA or
>DSA key) has leaked, that a machine used to access the attacked
>machines has itself been compromised (e.g. a home machine of an
>employee), or trojanized OpenSSH versions exist on your local Debian
>mirror.
[...]
>These attacks require wiretapping and traffic
>manipulation capabilities.
I'd be interested if you could expand on this - do you mean a
connection to the victim's LAN is necessary?
I'd have thought ability to intercept WAN traffic was enough, but I
don't really know what I'm talking about :-). And AIUI, traffic
manipulation is a standard technique for a skilled Bad Guy (injecting
packets, fiddling with packets, connection hijacking). The sort of
skill level required to perform a sequence number attack would do,
wouldn't it?
>If the edge networks are trustworthy, ...
Again it sounds like you're saying LAN access is needed.
I recognise what you're saying about the more likely scenarios though
(stolen access tokens, etc). [ IIRC, the www.apache.org crack was done
that way (http://www.apacheweek.com/issues/01-06-01#hack) ]
> Why do you think you are so special?
But someone's got to be the first to fall prey to each new technique -
why not Tim?
Or are you saying the computational effort involved is as huge as,
say, a DES crack would be? (i.e. only national security services and
mobsters would have the resources?)
Cheers
Nick Boyce
Bristol, UK
--
"Yousa steala precious from meesa!" - Jar-Jaromir