Re: OT: Security....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-11-04 at 12:14, HaJo Schatz wrote:
> On Thu, 2004-11-04 at 23:49, Scot L. Harris wrote:
> 
> > At what point does the system log the ssh attempt?  If it is after the
> > initial 3 way handshake then I think an ssh attempt could be spoofed
> > without having to receive packets back from the target system.  From
> > what I can tell it appears that when you initiate an ssh attempt the
> > standard 3 way handshake is started.  You send a SYN packet, the target
> > sends a SYN ACK packet.  Normally since you would not get the SYN ACK
> > packet the connection would not be completed.  However if you
> > manufacture a ACK packet and send that a few seconds after you send the
> > SYN packet I think you would have a good chance of completing the
> > handshake.  If that gets logged as an SSH attempt then the active
> > response system in place may block the spoofed sender IP address.
> 
> I have tried that. You have to have your login and password transmitted
> before the log entry appears through syslog (which makes sense, as the
> credentials appear in the log as well). I believe it's pretty hard to
> "pre-guess" (what a word) the authentication/encryption handshake to
> spoof an IP ;-)

That makes sense.  Will have to find some time to look at this a little
more.  :)

-- 
Scot L. Harris
webid@xxxxxxxxxx

Yield to Temptation ... it may not pass your way again.
		-- Lazarus Long, "Time Enough for Love" 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux