From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Thu Jun 28 2007 - 04:50:58 ART
Basically, MITM attacks exploit the fact that you can not *verify* server's
identity.
(e.g. identity information is not signed by a trusted 3rd party). So the
best
way to protect against MITM is either to verify identity of our party
outband (e.g.
with RSA public key's fingerprints), or use digitally signed identities for
authentication
(e.g. digitacl certificates)
Moreover, if you keep track of RSA/DSS server public keys (host keys) on
your
client PC, (which most versions of SSH do) you will be warned on server
public
key change (which a MITM utility causes, by putting itself inline).
Usually we all just ignore this fact, and hastingly type "yes" accepting the
new identity. However, being just a bit more careful here may help you
notice
such kinds of attack. Some versions of SSH may also be configured to
refuse connecting on server identity key change.
-- Petr Lapukhov, CCIE #16379 (R&S/Security/SP) petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com
2007/6/28, nhatphuc <nhatphuc@gmail.com>: > > Hi all, > > I configure SSH on Router, and use CAIN to arp spoofing and hijack the > SSH Connection from PC to Router. I can get the password. > > So does SSH really prevent MITD? In this case, how to prevent password > loss if the network is under arp spoofing? > > Thanks > > Phuc > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:52 ART