Firewall Wizards mailing list archives
RE: ssh holes? Trojans? [long]
From: Jeffery.Gieser () minnesotamutual com
Date: Tue, 26 Sep 2000 08:22:45 -0500
#OK, you're scaring me. If you've seen a working implementation of a product
#that can do SSH MitM without a compromised client and allowing cleartext
#monitoring of the traffic that's a *serious* flaw in the protocol.
#I don't mean to sound sceptical, but are you _sure_ that's what you're
#saying?

I think what he is talking about is there was an SSH server on the firewall. The ssh connection is actually established between the firewall and the outside client. The firewall, in turn, establishes another connection with the real SSH server on the internal side and proxies the traffic between the two connections. Since the external client is establishing the connection with the firewall and NOT the internal client, there is no MitM attack occurring, just a standard firewall proxy with some nice encryption. This would allow you to monitor the traffic and create allow/deny rules on the firewall while still providing privacy. Of course, if the firewall is hacked then you're in big trouble.

Or maybe I'm just smoking crack :-)

Regards,
Jeffery Gieser

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
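
The allow/deny rules that a terminating proxy like the one described in the message above could apply, as an added example that is not part of the original post or of any product discussed in the thread. It assumes SSH-2 connection-protocol framing (RFC 4254) and that the proxy has already decrypted the client-side leg; the function names, rule set and sample payloads are hypothetical.

```python
import struct

CHANNEL_OPEN, CHANNEL_REQUEST = 90, 98   # SSH_MSG_* numbers from RFC 4254

def u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def ssh_string(buf, off):                # uint32 length, then that many bytes
    n, off = u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def describe(payload):
    """Classify one decrypted SSH payload as (kind, detail); None if not policy-relevant."""
    if payload[0] == CHANNEL_OPEN:
        ctype, off = ssh_string(payload, 1)
        if ctype != b"direct-tcpip":
            return "open", ctype.decode("ascii", "replace")
        off += 12                        # skip sender channel, window size, max packet size
        host, off = ssh_string(payload, off)
        port, off = u32(payload, off)
        return "forward", "%s:%d" % (host.decode("ascii", "replace"), port)
    if payload[0] == CHANNEL_REQUEST:
        rtype, off = ssh_string(payload, 5)     # offset 5 skips type byte + recipient channel
        if rtype == b"exec":
            cmd, _ = ssh_string(payload, off + 1)   # off + 1 skips the want_reply boolean
            return "exec", cmd.decode("utf-8", "replace")
    return None

def decide(payload, allowed_cmds=("uptime",)):
    """Hypothetical rule set: sessions allowed, port forwards denied, exec only if allow-listed."""
    try:
        info = describe(payload)
    except (ValueError, IndexError):     # truncated or empty payload: fail closed
        return "deny"
    ok = (info is None or info == ("open", "session")
          or (info[0] == "exec" and info[1] in allowed_cmds))
    return "allow" if ok else "deny"

def enc(b):                              # SSH string encoder for the constructed samples
    return struct.pack(">I", len(b)) + b
# Constructed sample payloads (not captured traffic)
OPEN_FORWARD = (bytes([90]) + enc(b"direct-tcpip") + struct.pack(">III", 1, 2**21, 2**15)
                + enc(b"10.0.0.5") + struct.pack(">I", 3389) + enc(b"192.0.2.7") + struct.pack(">I", 50000))
EXEC_UPTIME = bytes([98]) + struct.pack(">I", 0) + enc(b"exec") + b"\x01" + enc(b"uptime")
EXEC_OTHER = bytes([98]) + struct.pack(">I", 0) + enc(b"exec") + b"\x01" + enc(b"tar cf - /home")
```

These decisions are only possible because the firewall holds the session keys for the client-side leg, which is also why the message notes that a compromised firewall exposes everything passing through it.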