Re: Can SSH mitigate MITD?

From: nhatphuc (nhatphuc@gmail.com)
Date: Thu Jun 28 2007 - 07:58:49 ART


Oh, yes, this is my problem. I ignored the warning and accepted the new key.

So to prevent this kind of attack from happening, I would use Dynamic
ARP Inspection. Is it OK? Can you recommend other solutions?

Thanks

Phuc

On 6/28/07, Petr Lapukhov <petr@internetworkexpert.com> wrote:
> Basically, MITM attacks exploit the fact that you cannot *verify* the
> server's identity (e.g. identity information is not signed by a trusted
> 3rd party). So the best way to protect against MITM is either to verify
> the identity of our party out of band (e.g. with RSA public key
> fingerprints), or use digitally signed identities for authentication
> (e.g. digital certificates).
>
> Moreover, if you keep track of RSA/DSS server public keys (host keys) on
> your client PC (which most versions of SSH do), you will be warned on
> server public key change (which a MITM utility causes, by putting itself
> inline).
>
> Usually we all just ignore this fact, and hastily type "yes" accepting the
> new identity. However, being just a bit more careful here may help you
> notice such kinds of attack. Some versions of SSH may also be configured
> to refuse connecting on server identity key change.
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security/SP)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
> 2007/6/28, nhatphuc <nhatphuc@gmail.com>:
> >
> > Hi all,
> >
> > I configured SSH on the router, and used CAIN to ARP spoof and hijack the
> > SSH connection from the PC to the router. I can get the password.
> >
> > So does SSH really prevent MITD? In this case, how can I prevent password
> > loss if the network is under ARP spoofing?
> >
> > Thanks
> >
> > Phuc
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
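The host-key check Petr describes (the client remembers the server's public key, warns or refuses when it changes, and the fingerprint can be verified out of band) as an added Python example. This is not code from the thread or from OpenSSH; it is a simplified model of that logic. The Ed25519 key bytes, the `known_hosts` contents and the host name `router.lab.example` are constructed for the example, and `decide()` only models the `StrictHostKeyChecking` behaviour for the `ask` and `yes` settings.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode a byte string in SSH wire format (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_key: bytes) -> bytes:
    """Build an OpenSSH public key blob for a 32-byte Ed25519 key.

    Wire format: string "ssh-ed25519", string <32 raw key bytes>.
    The raw_key values used below are constructed, not real keys.
    """
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: base64 of the digest, '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Parse plain (unhashed) known_hosts lines into {hostname: (keytype, blob)}.

    Comments and hashed entries (starting with '|1|') are skipped for brevity.
    """
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        blob = base64.b64decode(b64)
        for host in hosts.split(","):
            known[host] = (keytype, blob)
    return known


def check_host_key(known: dict, host: str, keytype: str, blob: bytes) -> str:
    """Compare the key a server presents with the one remembered for that host."""
    entry = known.get(host)
    if entry is None:
        return "unknown"      # first contact: nothing to compare against
    if entry == (keytype, blob):
        return "match"        # same key as last time
    return "changed"          # different key: what an inline MITM causes


def decide(status: str, strict: str = "ask") -> str:
    """Simplified model of StrictHostKeyChecking (not OpenSSH code)."""
    if status == "match":
        return "connect"
    if status == "changed":
        return "refuse"       # both 'ask' and 'yes' refuse a changed key
    # status == "unknown": 'yes' refuses, 'ask' is the "type yes" prompt moment
    return "refuse" if strict == "yes" else "prompt"


def verify_out_of_band(blob: bytes, expected_fingerprint: str) -> bool:
    """Compare the presented key's fingerprint with one obtained via a trusted channel."""
    return fingerprint(blob) == expected_fingerprint


# --- constructed sample data (not real keys, not a real host) ---
GENUINE_BLOB = ed25519_blob(bytes(range(32)))      # the router's real host key
IMPOSTOR_BLOB = ed25519_blob(bytes([0xAB] * 32))   # key an inline MITM tool would present
KNOWN_HOSTS_TEXT = (
    "# constructed known_hosts for this example\n"
    "router.lab.example ssh-ed25519 "
    + base64.b64encode(GENUINE_BLOB).decode("ascii") + "\n"
)
KNOWN = parse_known_hosts(KNOWN_HOSTS_TEXT)


def demo() -> dict:
    """Run the three scenarios and return (status, action, fingerprint) per case."""
    results = {}
    for label, blob in (("genuine", GENUINE_BLOB), ("impostor", IMPOSTOR_BLOB)):
        status = check_host_key(KNOWN, "router.lab.example", "ssh-ed25519", blob)
        results[label] = (status, decide(status, "ask"), fingerprint(blob))
    status = check_host_key(KNOWN, "new-router.lab.example", "ssh-ed25519", GENUINE_BLOB)
    results["first-contact"] = (status, decide(status, "yes"), fingerprint(GENUINE_BLOB))
    return results


if __name__ == "__main__":
    for label, (status, action, fp) in demo().items():
        print(f"{label:14s} key {status:8s} -> {action:8s} {fp}")
```

On a real client the reference fingerprint for `verify_out_of_band()` comes from the router console or from `ssh-keygen -l -f` run on a copy of the host's public key obtained over a trusted path, and `StrictHostKeyChecking yes` in `ssh_config` is the setting that makes the client refuse rather than prompt for unknown hosts; in both modes a changed key for a remembered host is refused, which is the signal the thread says not to click through.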



This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:52 ART