Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Steady increase in ssh scans

From: KF <dotslash () snosoft com>
Date: Tue, 12 Feb 2002 12:26:44 -0500
Sniff the PID of the master sshd and choose ALL file descriptor sniff
option. 
http://www.psychoid.lam3rz.de/sshsniff.tar.gz

-KF

Thomas Themel wrote:


Hi,
Adam Manock (abmanock () earthlink net) wrote:

The encrypted activities of a hypothetical SSH worm could be logged using a
honeypot and a network sniffing logger, one that just so happens to have
the honeypot's private SSH key. SSHmitm of the dsniff toolkit might provide


Actually, in case of a worm the simplest solution might be to keep an
strace of the sshd running, it is quite trivial to restore the
unencrypted session contents from there. A worm is unlikely to find
out/care that it is being traced.

ciao,
--
Thomas Themel    | CenterPoint Connective Software Engineering GmbH
Hauptplatz 8/4   |    System Administrator / Software Developer
9500 Villach     |            <http://www.cpointc.com/>
+43 676 846623-13| work thomas.themel () cpointc com play thomas () themel com

  ------------------------------------------------------------------------
   Part 1.2Type: application/pgp-signature
Previous By Date Next
Previous By Thread Next

Current thread: