Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: telnet vs ssh on Core equipment , looking for reasons why ?

  • From: alex
  • Date: Tue Jul 31 11:53:52 2001

> 
> > Monkey in the Middle attack on SSH is very difficult to perform. I'm cc'ing
> > Matt Bishop (bishop@cs.ucdavis.edu) who together with yours truly wrote a
> > paper on this in 1997.
> 
> Well I saw a monkey do it in 10 minutes with ettercap. Sorry I did mention
> in 1 of my posts that the ssh key sniff was done using arp soofing, my
> text got lost somewhere along the line....

*Yawn*

warning: Executing /opt/bin/ssh1 for ssh1 compatibility.
Host key not found from the list of known hosts.
!! If host key is new or changed, ssh1 protocol is vulnerable to an
!! attack known as false-split, which makes it relativily easy to
!! hijack the connection without the attack being detected. It is
!! highly advisable to turn StrictHostKeyChecking to "yes" and
!! manually copy host keys to known_hosts.
Are you sure you want to continue connecting (yes/no)?


It does not matter what kind of security system you have if you dont bother
to actually engage it.

Alex





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.