Date: Wed, 01 Dec 1999 14:06:50 -0800
From: Terry Ewing <terrye@deepwell.com>
To: Paul Hart <hart@iserver.com>, freebsd-security@freebsd.org
Subject: Re: logging a telnet session
Message-ID: <4.2.0.58.19991201135910.014ce550@mail1.dcomm.net>
In-Reply-To: <Pine.BSF.4.21.9912011444500.51911-100000@anchovy.orem.iserver.com>
References: <Pine.BSF.4.10.9912011538570.16289-100000@eddie.incantations.net>

This is probably the only way to have an external sniffer view an ssh session in plaintext.

This opens up a whole mess though. We're back to modifying the system that has been intruded upon. If you were checking the checksums of your binaries on a regular basis then you will tip your cards to the intruder by showing him that sshd has been modified. I guess you could make a new image of the checksum and replace it trying to act like that has always been the checksum for the sshd binary.

As for the intruder, he'd really throw a wrench into your works by compiling his own sshd binary and using that on your server. He could verify the checksum on a regular basis.

At 02:50 PM 12/1/99 -0700, you wrote:
>On Wed, 1 Dec 1999, Jason Hudgins wrote:
>
> > Watching the packet stream is pretty useless if the hacker is using
> > ssh however, which in my opinion, it would be pretty stupid not to.
>
>No. Remember, you're the one calling the shots. Go ahead and trojan your
>own sshd to leak session keys so you can decrypt the sniffed sessions, or
>even better, have it leak the cleartext before encrypting it.
>
>The original poster wanted to watch a telnet session anyway.
>
>Paul Hart
>
>--
>Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
>hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message