nanog mailing list archives
Re: telnet vs ssh on Core equipment , looking for reasons why ?
From: <alex () yuriev com>
Date: Tue, 31 Jul 2001 11:32:50 -0400 (EDT)
On Tue, 31 Jul 2001 alex () yuriev com wrote:Monkey in the Middle attack on SSH is very difficult to perform. I'm cc'ing Matt Bishop (bishop () cs ucdavis edu) who together with yours truly wrote a paper on this in 1997.Hard how? Are you talking about the complexity in coding the exploit app? So what! It only has to be written once:
Really? And does it work on all hosts, no matter how they are configured? Next... Alex
SSHv1 wget http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz tar -zxf dsniff-2.3.tar.gz man ./dsniff-2.3/sshmitm.8 The SSH security model is fundimentally weak against Man in the Middle, because it provides no methodology to verify the transmitted key (beyond crude manual methods... Not that PKI system used with SSL is all that effective either).
Current thread:
- RE: Hard data on network impact of the "Code Red" worm?, (continued)
- RE: Hard data on network impact of the "Code Red" worm? Roeland Meyer (Jul 31)
- telnet vs ssh on Core equipment , looking for reasons why ? Mr. James W. Laferriere (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Greg Maxwell (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Greg Maxwell (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Scott Francis (Jul 31)
- telnet vs ssh on Core equipment , looking for reasons why ? Mr. James W. Laferriere (Jul 31)
- RE: Hard data on network impact of the "Code Red" worm? Roeland Meyer (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- RE: telnet vs ssh on Core equipment , looking for reasons why ? Deepak Jain (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Ariel Biener (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Ariel Biener (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Bob K (Jul 31)