RE: Can SSH mitigate MITD?

From: Church, Charles (cchurch@multimax.com)
Date: Thu Jun 28 2007 - 08:22:27 ART


It seems that SSH v2 mitigates that vulnerability, at least in the link
given in the Monkey URL -
http://www.oreillynet.com/pub/a/oreilly/networking/news/silverman_1200.html
We only use V2 on the networks we deal with just for this reason.

Chuck

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Shafagh Zandi
Sent: Thursday, June 28, 2007 4:11 AM
To: Petr Lapukhov
Cc: nhatphuc; ccielab@groupstudy.com
Subject: Re: Can SSH mitigate MITD?

dsniff is a great tool and has MITM; sshmitm and webmitm implement
active monkey-in-the-middle attacks against redirected SSH and HTTPS
sessions by exploiting weak bindings in ad-hoc PKI:
http://www.monkey.org/~dugsong/dsniff/

Don't throw away SSH just yet, it's still a lot better than nothing.

Sincerely,
Shafagh Zandi

On 6/28/07, Petr Lapukhov <petr@internetworkexpert.com> wrote:
>
> Basically, MITM attacks exploit the fact that you cannot *verify*
> the server's identity (e.g. identity information is not signed by a
> trusted 3rd party). So the best way to protect against MITM is either
> to verify the identity of our party out of band (e.g. with RSA public
> key fingerprints), or use digitally signed identities for
> authentication (e.g. digital certificates).
>
> Moreover, if you keep track of RSA/DSS server public keys (host keys)
> on your client PC, (which most versions of SSH do) you will be warned
> on server public key change (which a MITM utility causes, by putting
> itself inline).
>
> Usually we all just ignore this fact, and hastily type "yes"
> accepting the new identity. However, being just a bit more careful
> here may help you notice such kinds of attack. Some versions of SSH
> may also be configured to refuse connecting on server identity key
> change.
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security/SP)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
> 2007/6/28, nhatphuc <nhatphuc@gmail.com>:
> >
> > Hi all,
> >
> > I configure SSH on Router, and use CAIN for ARP spoofing and to
> > hijack the SSH connection from PC to Router. I can get the password.
> >
> > So does SSH really prevent MITD? In this case, how to prevent
> > password loss if the network is under ARP spoofing?
> >
> > Thanks
> >
> > Phuc
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>

--
Shafagh Zandi,
www.shafagh.com
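
The host-key checks discussed in this thread (tracking the server's public key on the client, refusing on a key change, and verifying a fingerprint out of band on first contact), as an added Python example that is not part of any poster's message. The host name, key blobs and function names are constructed for illustration; hashed known_hosts entries are skipped.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def make_blob(seed: int) -> str:
    # Constructed ssh-ed25519 public key blob for the demo; not a real host key.
    raw = ssh_string(b"ssh-ed25519") + ssh_string(bytes([seed]) * 32)
    return base64.b64encode(raw).decode()

def fingerprint(blob_b64: str) -> str:
    # OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the blob.
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    # Map (host, keytype) -> key blob for plain entries; comments, hashed
    # hosts and @marker lines are skipped in this example.
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            pinned.setdefault((host, fields[1]), fields[2])
    return pinned

def check_host_key(pinned, host, keytype, offered_b64, oob_fingerprint=None):
    known = pinned.get((host, keytype))
    if known is None:
        # First contact: accept only if the fingerprint was verified out of band.
        if oob_fingerprint is not None and fingerprint(offered_b64) == oob_fingerprint:
            return "VERIFIED_OUT_OF_BAND"
        return "UNKNOWN_REFUSE"
    if base64.b64decode(known) == base64.b64decode(offered_b64):
        return "MATCH"
    # Key differs from the pinned one: what an in-line MITM proxy produces.
    return "CHANGED_REFUSE"

GOOD = make_blob(1)        # key the real router presents (constructed)
SUBSTITUTE = make_blob(2)  # key presented by an interposed host (constructed)
KNOWN_HOSTS = f"# constructed sample\nrouter1.example,192.0.2.1 ssh-ed25519 {GOOD}\n"

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for label, key in (("genuine", GOOD), ("substituted", SUBSTITUTE)):
        print(label, fingerprint(key), check_host_key(pinned, "router1.example", "ssh-ed25519", key))
```
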


This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:52 ART