Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wireless insecurity at NANOG meetings

  • From: Joel Jaeggli
  • Date: Mon Sep 23 13:02:34 2002

On Sun, 22 Sep 2002, Iljitsch van Beijnum wrote:

> On Sun, 22 Sep 2002, Richard A Steenbergen wrote:
> > On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
> > > > There are also people ssh'ing to personal and corporate machines from
> > > > the terminal room where the root password is given out or easily
> > > > available.
> > > Are you saying people shouldn't SSH?
> > I've seen far too many people get into trouble because they have some
> > flawed thinking that "ssh == always secure", even against compromises of
> > one of the endpoints. If root is available, a reasonable person should
> > ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds
> > and recompiled the ssh binaries with a password logger.

When we hosted nanog 16 we made the effort to periodically compare the md5 
sums of the binaries on the terminal room machines to a reference source. 
I wouldn't personally place a greate deal of trust in machines that 
aren't in ones possession  but we try.
> Excellent point. Fortunately, this doesn't apply to running SSH from your
> laptop over the wireless network.

Joel Jaeggli	      Academic User Services    
--    PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E      --
  In Dr. Johnson's famous dictionary patriotism is defined as the last
  resort of the scoundrel.  With all due respect to an enlightened but
  inferior lexicographer I beg to submit that it is the first.
	   	            -- Ambrose Bierce, "The Devil's Dictionary"

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.