Vulnerability Development mailing list archives
Re: Steady increase in ssh scans
From: KF <dotslash () snosoft com>
Date: Tue, 12 Feb 2002 12:26:44 -0500
Sniff the PID of the master sshd and choose ALL file descriptor sniff option. http://www.psychoid.lam3rz.de/sshsniff.tar.gz -KF Thomas Themel wrote:
Hi, Adam Manock (abmanock () earthlink net) wrote:The encrypted activities of a hypothetical SSH worm could be logged using a honeypot and a network sniffing logger, one that just so happens to have the honeypot's private SSH key. SSHmitm of the dsniff toolkit might provideActually, in case of a worm the simplest solution might be to keep an strace of the sshd running, it is quite trivial to restore the unencrypted session contents from there. A worm is unlikely to find out/care that it is being traced. ciao, -- Thomas Themel | CenterPoint Connective Software Engineering GmbH Hauptplatz 8/4 | System Administrator / Software Developer 9500 Villach | <http://www.cpointc.com/> +43 676 846623-13| work thomas.themel () cpointc com play thomas () themel com ------------------------------------------------------------------------ Part 1.2Type: application/pgp-signature
Current thread:
- Re: Steady increase in ssh scans Thomas Themel (Feb 12)
- Re: Steady increase in ssh scans KF (Feb 12)