Re: A Solution for sniffing

On Fri, 20 Dec 2002, Janssen, Steph wrote:

> I'm afraid it only brings a small amount of safety. Also the Promiscous part

>
> This makes the machine sniffing you the machine in the middle, and would it

Quote from above web page :-

 SSH1 support : you can sniff User and Pass, and even the data of an  SSH1 connection. ettercap is the first software capable to sniff an  SSH connection in FULL-DUPLEX

According to mailing lists that specilize in ssh, this was due to a bug in SSH protocol v 1, that is not present in SSH protocol v 2

ettercap does not claim to sniff ssh v 2.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

So until a bug is found in protocol v 2, you need to

• acquire an ssh tool that supports it (recent versions of sssh, OpenSSH and puTTy support it)
• disable protocol v 1 in this tool (preferably in client and server.)
• if your tool warns you about an unknown host key, take it seriously. Transmit and install trusted host keys by a seure channel, as the unknown host key may belong to the 'man in the middle' sniffer.

Although I use protocol v 2 for this reason, I am not a penetration tester so have not proven its effectiveness myself.

I think that right now I am safe from ettercap kids any way.

David. Received on Mon Dec 23 13:57:13 2002