
Possible to Read Encrypted Snoop traces?

By MattG
Mar 6, 2005
    Hey Everyone,

    I work for a software company where we support Sun Solaris 2.8 and 2.9.

    A little background on the software first. Mainly, it's a Network Management Suite. However, we have the ability to launch an SSH client against the selected model you have, say a router.

    Now, in this scenario we have 3 machines.
    1 - The Server
    2 - The Device
    3 - The Machine you are connecting from

    I set my fourth machine to snoop box number 3. I proceeded to connect to Machine 1 from Machine 3. I connected to Machine 2 via the Java SSH client. I logged in, did a few things, yada yada, logged out.

    I stopped the trace and opened Ethereal to view it. Now, it is encrypted for the most part. Aside from giving me the user name I logged in with (root), it does not give me the password, which is how it is designed (SSH, that is).

    I am just wondering if there is some other way I should be aware of that could give this password away: some sort of script kiddie thing, something that can run locally if said machine were hacked, etc.

    The reason I am asking is that I was asked by a customer (I am in support here) if the line was secure from machine 3 to 1, knowing that it launches an SSH session from 1 to 2 and NOT from machine 3 to 2.

    However, it does appear to me that it's secure for the most part.

    Thanks for any help guys.

  Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    SSH is line-secure. There are some buggy implementations with rather theoretical man-in-the-middle attack possibilities. If you are all patched up then there should be no problem.

    The biggest problems with SSH are the machines themselves:
    server masquerading - you are tricked to connect to some other machine instead of the one you intended (not many people bother to check the fingerprints).
    compromised server - the SSH daemon on the server machine has some extra "features" like reporting your password to someone.
    compromised client - you have a keylogger or a modified SSH client again recording your password.

    Of course the SSH sessions can be brute-forced but that is hardly something a script kiddie can do if you use decent encryption.
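An added example, not code from the thread, of the fingerprint check Nodsu recommends against server masquerading: it parses a plain (unhashed) known_hosts entry, computes the SHA256 and legacy MD5 fingerprints in the format ssh-keygen prints them, and compares the host's key against a fingerprint obtained out of band. The hostnames and the 32-byte ed25519 key are constructed, not real.

```python
import base64
import hashlib
import struct

# Constructed sample: a fake 32-byte ed25519 public key, wrapped in the SSH
# wire encoding (uint32-length-prefixed type string, then the key bytes).
# This is not a real host key; it only exercises the parsing and hashing.
_FAKE_ED25519_KEY = bytes(range(32))


def ssh_blob(key_type: str, key_bytes: bytes) -> bytes:
    """Build an SSH public-key blob: string(key_type) || string(key_bytes)."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(key_bytes)) + key_bytes


def parse_known_hosts_line(line: str):
    """Return (hostnames, key_type, raw_blob) for a plain known_hosts entry."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    hosts, key_type, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64)
    # The type string inside the blob must agree with the declared type;
    # a mismatch means the entry was edited or mangled.
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode() != key_type:
        raise ValueError("key type in blob does not match declared type")
    return hosts.split(","), key_type, blob


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of the digest, '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy MD5 fingerprint (ssh-keygen -E md5): colon-separated hex bytes."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def host_key_matches(line: str, host: str, expected_fp: str) -> bool:
    """True only if the entry covers `host` AND its SHA256 fingerprint equals the pinned one."""
    hosts, _, blob = parse_known_hosts_line(line)
    return host in hosts and fingerprint_sha256(blob) == expected_fp


# Constructed known_hosts entry for the thread's "Machine 1" (the server); hostname is made up.
SAMPLE_LINE = "server1.example.com,10.0.0.1 ssh-ed25519 " + base64.b64encode(
    ssh_blob("ssh-ed25519", _FAKE_ED25519_KEY)).decode()
```

A mismatch from `host_key_matches` is exactly the "server masquerading" case: the client is talking to a machine whose key is not the one the administrator published.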

  MattG

    MattG TS Rookie Topic Starter Posts: 140

    Thanks man. Exactly what I was looking for.