[lug] SSH

John Hernandez John.Hernandez at noaa.gov
Wed Sep 4 11:56:47 MDT 2002



David Morris wrote:
| (at least with SSH1, don't know
| about SSH2) I know of at least one or two cases where access
| has been gained to a system by sniffing and decrypting the
| password.

Are you sure?  While it is true that SSH1 uses a weak CRC algorithm,
it's an academic issue which depends on several preconditions and lacks
any published exploit code.  In other words, not for script kiddies.
This leads me to believe that "sniffing and decrypting the password" was
not likely the vector used to attack your SSH1 deployment.

Have you considered other possibilities?  My first guess would be that
you fell victim to the CRC32 compensator buffer overrun (this is an
implementation bug) that was widely exploited a while back.  If that
vector was patched in advance of the attack, my next guess would be a
weak password, maybe contained within a leaked shadow file or otherwise
compromised (possibly even by a local user).

--

 - John Hernandez - Network Engineer - 303-497-6392 -
|  National Oceanic and Atmospheric Administration   |
|  Mailstop R/OM62. 325 Broadway, Boulder, CO 80305  |
 ----------------------------------------------------
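The "weak CRC" John refers to is the SSH1 per-packet CRC-32 integrity check; the script below is an added illustration (not part of this thread) of why a CRC cannot serve as a message authentication code: it is linear over XOR, so the tag of a modified message is predictable without any key, whereas a keyed HMAC-SHA1 of the kind SSH2 uses is not. The key and messages are constructed at random inside the script.

```python
import hashlib
import hmac
import os
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_tag(msg: bytes) -> bytes:
    # 4-byte CRC-32: a stand-in for the SSH1 per-packet integrity check.
    return zlib.crc32(msg).to_bytes(4, "big")


def hmac_sha1_tag(key: bytes):
    # Keyed HMAC-SHA1: the kind of MAC SSH2 uses instead of a bare CRC.
    def tag(msg: bytes) -> bytes:
        return hmac.new(key, msg, hashlib.sha1).digest()
    return tag


def is_linear(tag, a: bytes, b: bytes) -> bool:
    # True if tag(a ^ b) == tag(a) ^ tag(b) ^ tag(0...0) for equal-length a, b.
    # The tag(0...0) term cancels the length-dependent constant that CRC-32's
    # initial value and final XOR introduce, so the test is exact for a CRC.
    if len(a) != len(b):
        raise ValueError("messages must have equal length")
    zeros = bytes(len(a))
    predicted = xor_bytes(xor_bytes(tag(a), tag(b)), tag(zeros))
    return predicted == tag(xor_bytes(a, b))


def linearity_report(trials: int = 20, length: int = 32) -> dict:
    # Count how often each tag function behaves linearly on random messages.
    # A linear tag lets anyone predict the tag of a modified message without
    # the key; a MAC that behaved this way would be useless for integrity.
    hmac_tag = hmac_sha1_tag(os.urandom(20))  # constructed random key
    results = {"crc32": 0, "hmac-sha1": 0}
    for _ in range(trials):
        a, b = os.urandom(length), os.urandom(length)
        results["crc32"] += is_linear(crc32_tag, a, b)
        results["hmac-sha1"] += is_linear(hmac_tag, a, b)
    return results


if __name__ == "__main__":
    print(linearity_report())  # {'crc32': 20, 'hmac-sha1': 0}
```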