From: "Russ Cox"
To: 9fans@cse.psu.edu
Subject: Re: [9fans] SSH Version2
Date: Mon, 7 Oct 2002 12:21:51 -0400
Message-ID: <65010503554d731e5af01bacdf6ff2b1@plan9.bell-labs.com>

> ever heard of ettercap?  the ultimate in script kiddie packet sniffing
> technology?  it can break ssh1.
> http://ettercap.sourceforge.net/

that's not true.  it can stand in as a man-in-the-middle for an active
attack on ssh1.  that's only going to work if you've never connected to
the host before, or if you ignore the man-in-the-middle warnings when
the other end's host key doesn't work out right.  to do that requires
that you are proxy arping for the victim server, which limits the
attack even further.

from their readme:

    5.4.4 SSH1 MAN-IN-THE-MIDDLE

    When the connection starts (remember that we are the master-of-packets,
    all packets go through ettercap) we substitute the server public key
    with one generated on the fly and save it in a list so we can remember
    that this server has been poisoned before.

    Then the client sends the packet containing the session key ciphered
    with our key, so we are able to decipher it and sniff the real 3DES
    session key.  Now we encrypt the packet with the correct server public
    key and forward it to the SSH daemon.

    The connection is established normally, but we have the session key!!
    Now we can decrypt all the traffic and sit down watching the stream!

    The connection will remain active even if we exit from ettercap,
    because ettercap doesn't proxy it (like dsniff).  After the exchange
    of the keys, ettercap is only a spectator...  ;)

russ
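The exchange the quoted readme describes, and the three situations Russ distinguishes (never connected before, host key known and warning heeded, host key known and warning ignored), as an added example that is not part of the original message, of ettercap, or of any SSH implementation. Everything in it is an assumption made for illustration: textbook RSA on small integers (the moduli are built from the Mersenne primes 2^17-1, 2^19-1 and 2^31-1 so no primality code is needed), a single host key where SSH1 really used more than one, a 32-bit constant standing in for the 3DES session key, a made-up known_hosts fingerprint format, the hostname `plan9.example`, and the class and function names `Server`, `Client`, `Ettercap`, `run_session`, `attempt` and `demo`. ARP poisoning is assumed to have already happened; the `mitm` argument simply models "all packets go through ettercap".

```python
"""Toy model of the SSH1 host-key substitution quoted from the ettercap
readme.  Constructed example: textbook RSA on small integers and a single
host key stand in for the real protocol.  It shows the trust logic, not
working cryptography, and is not interoperable with anything."""
import hashlib

# ---- textbook RSA on small integers (constructed, insecure) -------------

def make_keypair(p, q, e=65537):
    """(public, private) from two primes; gcd(e, phi) == 1 for the primes
    used below, so the modular inverse exists."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def fingerprint(pub):
    """What the client records in known_hosts (hypothetical format)."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

class HostKeyMismatch(Exception):
    """The 'man-in-the-middle warning': offered key differs from known_hosts."""

class Server:
    def __init__(self, name, p, q):
        self.name = name
        self.pub, self._priv = make_keypair(p, q)

    def accept_session_key(self, blob):
        return rsa_decrypt(self._priv, blob)

class Client:
    """Trust-on-first-use; ignore_warnings models a user who clicks through."""
    def __init__(self, ignore_warnings=False):
        self.known_hosts = {}
        self.ignore_warnings = ignore_warnings

    def wrap_session_key(self, host, offered_pub, session_key):
        fp = fingerprint(offered_pub)
        known = self.known_hosts.get(host)
        if known is None:
            self.known_hosts[host] = fp           # first contact: nothing to compare
        elif known != fp and not self.ignore_warnings:
            raise HostKeyMismatch(host)
        return rsa_encrypt(offered_pub, session_key)

class Ettercap:
    """On-path attacker as in the readme: swap the server key for its own,
    decrypt the client's blob, re-encrypt it for the real server."""
    def __init__(self, p, q):
        self.pub, self._priv = make_keypair(p, q)
        self.poisoned = {}                        # host -> real server key
        self.captured = []                        # (host, session key) pairs

    def on_server_key(self, host, real_pub):
        self.poisoned[host] = real_pub
        return self.pub

    def on_client_blob(self, host, blob):
        key = rsa_decrypt(self._priv, blob)       # we hold the matching private key
        self.captured.append((host, key))
        return rsa_encrypt(self.poisoned[host], key)

def run_session(client, server, session_key, mitm=None):
    """One key exchange; returns the session key the server ends up with."""
    offered = server.pub
    if mitm:
        offered = mitm.on_server_key(server.name, offered)
    blob = client.wrap_session_key(server.name, offered, session_key)
    if mitm:
        blob = mitm.on_client_blob(server.name, blob)
    return server.accept_session_key(blob)

SESSION_KEY = 0xC0FFEE42                          # stands in for the 3DES key

def attempt(client, server, mitm=None):
    """Server's session key if the client proceeds, None if it refuses."""
    try:
        return run_session(client, server, SESSION_KEY, mitm)
    except HostKeyMismatch:
        return None

def demo():
    """The three situations from the message; attacker key is M19 * M17."""
    server = Server("plan9.example", 2147483647, 131071)     # M31, M17
    out = {}
    # 1. never connected before: TOFU accepts the substituted key
    c, m = Client(), Ettercap(524287, 131071)
    out["first_contact"] = (attempt(c, server, m), m.captured[-1][1])
    out["real_server_afterwards"] = attempt(c, server)        # wrong key memorized
    # 2. real key already known and the warning is heeded
    c = Client()
    attempt(c, server)
    out["known_key"] = attempt(c, server, Ettercap(524287, 131071))
    # 3. real key known but the user ignores the warning
    c, m = Client(ignore_warnings=True), Ettercap(524287, 131071)
    attempt(c, server)
    out["warning_ignored"] = (attempt(c, server, m), m.captured[-1][1])
    return out
```

Running `demo()` gives: on first contact the server receives the correct session key and the attacker holds a copy, and the client has now memorized the attacker's fingerprint, so its next clean connection to the real server is the one that warns; with the real key already known, the strict client refuses and the attacker captures nothing; with the warning ignored, the attacker gets the key again. That is the whole of Russ's point: the attack is only as good as the client's willingness to accept an unverified host key.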