From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew To: 9fans@cse.psu.edu Subject: Re: [9fans] SSH Version2 Message-ID: <20021007165746.GA4153@thefrayedknot.armory.com> References: <65010503554d731e5af01bacdf6ff2b1@plan9.bell-labs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <65010503554d731e5af01bacdf6ff2b1@plan9.bell-labs.com> User-Agent: Mutt/1.4i Date: Mon, 7 Oct 2002 09:57:46 -0700 Topicbox-Message-UUID: ffd5133a-eaca-11e9-9e20-41e7f4b1d025 On Mon, Oct 07, 2002 at 12:21:51PM -0400, Russ Cox wrote: > > ever heard of ettercap? the ultimate in script kiddie packet sniffing > > technology? it can break ssh1. > > http://ettercap.sourceforge.net/ i should have clarified that yes. But getting someone's username and password is one of the things i consider breaking a protocol. The whole point is to keep that from happening, and when it does, the protocol failed to work and is therefore broken. Granted this attack only happens when you have a script kiddie sitting in the right place, but that limits its usability, you can only try to connect somewhere when you are on a network you trust (or are ignorant of). the idea behind ssh and all other tools like it, is so you can work on a network you dont entirely trust, if we always trusted networks we'd use telnet. on the comment about ssh2, it was made more complicated specifically so it would be harder to break, and said theory has held true because as you said yourself, the ettercap guys havent figured it out yet. i want it to be difficult for someone to get my username and password, impossible is not an option yet, but one can certainly make it more difficult. > > that's not true. it can stand in as a man-in-the-middle > for an active attack on ssh1. that's only going to work > if you've never connected to the host before, or if you > ignore the man-in-the-middle warnings when the other end's > host key doesn't work out right. to do that requires you > are proxy arping for the victim server, which limits the > attack even further. > > from their readme: > > 5.4.4 SSH1 MAN-IN-THE-MIDDLE > > When the connection starts (remember that we are the master-of-packets, all > packets go through ettercap) we substitute the server public key with one > generated on the fly and save it in a list so we can remember that this > server has been poisoned before. > Then the client send the packet containing the session key ciphered with > our key, so we are able to decipher it and sniff the real 3DES session key. > Now we encrypt the packet with the correct server public key and forward it > to the SSH daemon. > The connection is established normally, but we have the session key !! > Now we can decrypt all the traffic and sit down watching the stream ! > The connection will remain active even if we exit from ettercap, because > ettercap doesn't proxy it (like dsniff). After the exchange of the keys, > ettercap is only a spectator... ;) > > russ