Firewall Wizards mailing list archives

Re: potential ssh attack


From: Michael Barkett <mbarkett () javanut cst digex net>
Date: Sat, 12 Jun 1999 10:42:13 -0400 (EDT)

Of course this is possible!!  This is what allows us to map/mount
drives on machines that are otherwise "locked down" to ssh. ;-)

The secret is to lock down your ssh daemon.  Disable tunneling and
implement RSA Authentication.

-MAB

-- 
 ,.........................................
:   Michael A. Barkett
:  Security Analyst/Team Lead, SMC (xXXXX)
: mbarkett () digex net  
:  301.847.7180       ,....................
:   FW./\/.          : i n t e r m e d i a
'....................'   BUSINESS INTERNET

Death is nature's way of telling you to slow down



Matt Dunn wrote :
      attacker1:#  ssh -R 345:target.machine.com:25 127.0.0.1

The only authentication that happens in this case is that the attacker's local 
machine asks her for the local account's password, which she more than likely 
already knows, and the sshd on the target machine merrily begins redirecting 
requests from this tunnel to its SMTP port, effectively opening that port to some 
other form of attack which would normally have been blocked by the now 
bypassed filtering mechanism.
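
Added example, not part of either message in this thread: a small audit of an sshd_config for the two measures the reply recommends (no TCP forwarding, key-based login). It assumes a current OpenSSH server and its keyword names and defaults, and it checks only the global section, not Include files or Match blocks; both sample configs are constructed.

```python
# Added example: audit the global section of an OpenSSH sshd_config.
# Keyword names and defaults are those of current OpenSSH (an assumption;
# the 1999 post does not name a server version).
DEFAULTS = {"allowtcpforwarding": "yes",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}
# "Disable tunneling" -> no forwarding; "RSA Authentication" is read here
# as key-only login (assumption), so passwords are switched off as well.
REQUIRED = {"allowtcpforwarding": "no",
            "passwordauthentication": "no",
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Resolve global keywords the way sshd does: first value seen wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key=value" is also valid
        if not parts:
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        if len(parts) > 1 and keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = parts[1].lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return one finding per keyword whose effective value is not required."""
    effective = effective_settings(config_text)
    return [f"{k} is '{effective[k]}', expected '{v}'"
            for k, v in REQUIRED.items() if effective[k] != v]

# Constructed sample: the later "AllowTcpForwarding no" never takes effect.
WEAK = """\
Port 22
AllowTcpForwarding yes
PasswordAuthentication yes
AllowTcpForwarding no
"""
# Constructed sample of the locked-down form.
HARDENED = """\
Port 22
AllowTcpForwarding no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source for the same comparison.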



