Possible to Read Encrypted Snoop traces?

#1  03-06-2005
MattG
TechSpot Member
Location: Maine
Member since: Aug 2003, 147 posts

Hey Everyone,

Where I work, for a software company, we support Sun Solaris 2.8 and 2.9.

A little background on the software first. Mainly, it's a Network Management Suite. However, we have the ability to launch an SSH client against the selected model you have, say a router.

Now, in this scenario we have 3 machines.
1 - The Server
2 - The Device
3 - The Machine you are connecting from

I set my fourth machine to snoop box number 3. I proceed to connect to Machine number 1 from Machine 3. I have connected to Number 2 via the SSH Java ssh client. I logged in, did a few things, yada yada, logged out.

I stopped the trace, and opened Ethereal to view it. Now, it is encrypted for the most part. Aside from giving me the user name I logged in with (root), it does not give me the password. Which is how it is designed (SSH, that is).

I am just wondering if there is some other way I should be aware of that could give this password away. Some sort of script kiddie thing, something that can run locally if said were hacked, etc.

The reason I am asking is because I was asked by a customer (I am in support here) if the line was secure from machine 3 to 1, knowing that it launches an SSH session from 1 to 2, and NOT from machine 3 to 2.

However, it does appear to me that it's secure for the most part.

Thanks for any help guys.

-Matt
#2  03-07-2005
Nodsu
TechSpot Evangelist
Location: Estonia
Member since: Feb 2002, 9,431 posts
SSH is line-secure. There are some buggy implementations with rather theoretical man-in-the-middle attack possibilities. If you are all patched up then there should be no problem.

The biggest problems with SSH are the machines themselves:
server masquerading - you are tricked into connecting to some other machine instead of the one you intended (not many people bother to check the fingerprints).
compromised server - the SSH daemon on the server machine has some extra "features" like reporting your password to someone.
compromised client - you have a keylogger or a modified SSH client, again recording your password.

Of course the SSH sessions can be brute-forced but that is hardly something a script kiddie can do if you use decent encryption.
#3  03-07-2005
Nodsu
TechSpot Evangelist
Location: Estonia
Member since: Feb 2002, 9,431 posts
Some reading on passive SSH attacks if you like..

http://www.securityfocus.com/archive/1/169840
http://www.securityfocus.com/archive/121/234973
#4  03-07-2005
MattG
TechSpot Member
Location: Maine
Member since: Aug 2003, 147 posts
Thanks man. Exactly what I was looking for.