
Re: Probable SSH Vulnerability



Tim Peeler <thp@linux00.LinuxForce.net> writes:

> I've come to the conclusion that the SSH1 protocol is the most
> likely cause of this problem.

Attacks on the SSH v1 protocol are relatively sophisticated.  It's
more likely that some token used for authentication (password, RSA or
DSA key) has leaked, that a machine used to access the attacked
machines has itself been compromised (e.g. a home machine of an
employee), or that a trojanized OpenSSH version exists on your local
Debian mirror.

Of course, it _could_ be the protocol, but you would be the first to
observe attacks on the inherent protocol weaknesses (not
implementation errors).  These attacks require wiretapping and traffic
manipulation capabilities.  If the edge networks are trustworthy, you
face a very powerful adversary.  Why do you think you are so special?


