Security Basics mailing list archives

Re: Suddenly faced with password prompt while ssh'ing; two ip's assigned to adsl ppp0 iface?!?


From: John Doe <security.department () tele2 ch>
Date: Sat, 17 Dec 2005 17:13:15 +0100

From: PCSC Information Services
Sounds like the MO for a MITM (man in the middle) attack... if someone has sniffed your work... they could be spoofing the remote IP as a method to get any login information you have...

you might try to contact your ISP and report the IP in question, they should be able to find out who had this IP at the time of your problem... tell them that you are interested in pursuing legal action in regard to this potential security breach and they will no doubt perform the work faster than if there were no threats...

good luck.

S.

Thanks a lot for your answer, S. 

I considered the mitm attack possibility, but I came to the (well, maybe
inappropriate) conclusion that it's very improbable, because of some (well,
maybe inappropriate) reasons:

* I often change the ip (by stopping adsl-conn, waiting, restarting - 
  and not going online generally if not necessary).
* I'm not a valuable target
* I guess it's rather improbable that anybody is sniffing a bunch of 
  connections / the provider ip pool  (I think...). The phenomenon 
  appeared with different ip addresses.
* The phenomenon appeared at the time when reverse DNS lookup failed on
  the connection ips (although I can't see a connection with this)
* ssh tried only the root private key and not, as it should, the one of the
  nonpriv user used to log in remotely
* Main reason against that: It depended on the shell instance (phenomenon 
  in one shell, but no others; phenomenon disappeared after exit and
  re-su'ing). AFAIK it's not possible to know the shell instance used from
  outside. For that, my box would have to be compromised.


Any other ideas out there? 

