Re: SSH bruteforce on its way...

[Michael Lang <Michael.Lang () jackal-net at>]

On Wed, 2005-10-26 at 08:29 +0200, Lionel Ferette wrote:
> Hello Michael,

Hello Lionel,

> In the wise words of Michael.Lang () jackal-net at, on Tuesday 25 October 2005 
> 09:29:
> [SNIP]
> > I've put the session data on a website
> > (http://www.jackal-net.at/tiki-read_article.php?articleId=20)  where you can
> > see what i've setup and what the guys where doing. (currently only one
> > session is online but i'm sure, others will follow :) ... )   
> Just had a look at that page, and I would recommend against using ethereal to 
> capture traffic: there are too many vulnerabilities in ethereal's decoders (a 
> few have been disclosed last week) to allow that program to run unattended as 
> root (needed to capture traffic). Instead, I always recommend to use tcpdump:
>  tcpdump -s 1500 -w traffic.trace port 22
> (in your case you're only interested in ssh traffic, aren't you? otherwise, 
> just skip the 'port 22' part).
>
> Then, *as a normal user*, open the trace file with ethereal if you don't like 
> tcpdump's output of
>  tcpdump -s 1500 -r traffic.trace -X

i´m running ethereal on a Host *outside* of the Machine which runs
Fedora Core4 Ethereal version ethereal-0.10.13-1.FC4.2 which should be
aware of all currently known issues.
thanks anyway 

Kind regards
Michael Lang

> Regards,
>
> Lionel
-- 
Michael Lang <Michael.Lang () jackal-net at>