Firewall Wizards mailing list archives
Re: potential ssh attack
From: Michael Barkett <mbarkett () javanut cst digex net>
Date: Sat, 12 Jun 1999 10:42:13 -0400 (EDT)
Of course this is possible!! This is what allows us to map/mount drives on machines that are otherwise "locked down" to ssh. ;-) The secret is to lock down your ssh daemon. Disable tunneling and implement RSA Authentication. -MAB -- ,......................................... : Michael A. Barkett : Security Analyst/Team Lead, SMC (xXXXX) : mbarkett () digex net : 301.847.7180 ,.................... : FW./\/. : i n t e r m e d i a '....................' BUSINESS INTERNET Death is nature's way of telling you to slow down Matt Dunn wrote :
attacker1:# ssh -R 345:target.machine.com:25 127.0.0.1 The only authentication that happens in this case is that the attacker's local machine asks her for the local account's password, which she more than likely already knows, and the sshd on the target machine merrily begins redirecting requests from this tunnel to its SMTP port, effectively opening that port to some other form of attack which would normally have been blocked by the now bypassed filtering mechanism.
Current thread:
- potential ssh attack Matt Dunn (Jun 14)
- Re: potential ssh attack Michael Barkett (Jun 15)
- Re: potential ssh attack Ge' Weijers (Jun 15)
- <Possible follow-ups>
- Re: potential ssh attack Barney Wolff (Jun 15)