From: Shafagh Zandi (szmetal@gmail.com)
Date: Thu Jun 28 2007 - 05:11:01 ART
dsniff is a great tool and has MITM: sshmitm and webmitm implement active
monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by
exploiting weak bindings in ad-hoc PKI:
http://www.monkey.org/~dugsong/dsniff/
Don't throw away SSH just yet, it's still a lot better than nothing.
Sincerely,
Shafagh Zandi
On 6/28/07, Petr Lapukhov <petr@internetworkexpert.com> wrote:
>
> Basically, MITM attacks exploit the fact that you cannot *verify* the
> server's identity (e.g. identity information is not signed by a trusted
> 3rd party). So the best way to protect against MITM is either to verify
> the identity of our party out-of-band (e.g. with RSA public key
> fingerprints), or use digitally signed identities for authentication
> (e.g. digital certificates).
>
> Moreover, if you keep track of RSA/DSS server public keys (host keys) on
> your client PC (which most versions of SSH do), you will be warned on
> server public key change (which a MITM utility causes, by putting itself
> inline).
>
> Usually we all just ignore this fact, and hastily type "yes", accepting
> the new identity. However, being just a bit more careful here may help
> you notice such kinds of attacks. Some versions of SSH may also be
> configured to refuse connecting on server identity key change.
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security/SP)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
> 2007/6/28, nhatphuc <nhatphuc@gmail.com>:
> >
> > Hi all,
> >
> > I configure SSH on a router, and use CAIN to do ARP spoofing and hijack
> > the SSH connection from PC to router. I can get the password.
> >
> > So does SSH really prevent MITM? In this case, how to prevent password
> > loss if the network is under ARP spoofing?
> >
> > Thanks
> >
> > Phuc
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
-- Shafagh Zandi, www.shafagh.com
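
Added example (not part of the original thread): a small Python sketch of the host-key check discussed above, comparing the key a server presents against a stored known_hosts entry or an out-of-band fingerprint and refusing on a change. The function names, host names and toy RSA moduli are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string from the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def rsa_blob(e: int, n: int) -> bytes:
    """Build an ssh-rsa public key blob: string "ssh-rsa", mpint e, mpint n."""
    def mpint(v: int) -> bytes:
        # One spare high bit keeps the two's-complement value positive.
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form current OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map each plain host name to its key blob; skips comments and @markers."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        for host in fields[0].split(","):
            known[host] = base64.b64decode(fields[2])
    return known

def check_host_key(known: dict, host: str, presented: bytes, pinned_fp=None) -> str:
    """Compare the presented key with the out-of-band or stored fingerprint."""
    expected = pinned_fp or (fingerprint(known[host]) if host in known else None)
    if expected is None:
        return "unknown-host"      # first contact: verify out-of-band, don't type "yes"
    if hmac.compare_digest(fingerprint(presented), expected):
        return "ok"
    return "key-changed"           # what an inline MITM tool causes: refuse

# Constructed sample data: toy moduli and documentation host names, not real keys.
ROUTER_KEY = rsa_blob(65537, 0xC0FFEE1234567890ABCDEF0123456789)
OTHER_KEY = rsa_blob(65537, 0xDEADBEEF1234567890ABCDEF01234567)
KNOWN = parse_known_hosts(
    "# constructed known_hosts\n"
    "router1.example,192.0.2.1 ssh-rsa "
    + base64.b64encode(ROUTER_KEY).decode() + "\n"
)

if __name__ == "__main__":
    print(check_host_key(KNOWN, "router1.example", ROUTER_KEY))
    print(check_host_key(KNOWN, "192.0.2.1", OTHER_KEY))
```

In OpenSSH the equivalent client behaviour is enabled with `StrictHostKeyChecking yes`, which refuses to connect when the host key is unknown or has changed.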
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:52 ART