From owner-freebsd-security  Wed Dec  1 13:54:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2])
	by hub.freebsd.org (Postfix) with ESMTP id C99B914BC6
	for <freebsd-security@FreeBSD.ORG>; Wed,  1 Dec 1999 13:54:12 -0800 (PST)
	(envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Wed, 1 Dec 1999 14:54:12 -0700 (MST)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1)
	id xma018074; Wed, 1 Dec 99 14:53:44 -0700
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id OAA52749; Wed, 1 Dec 1999 14:50:52 -0700 (MST)
Date: Wed, 1 Dec 1999 14:50:51 -0700 (MST)
From: Paul Hart <hart@iserver.com>
X-Sender: hart@anchovy.orem.iserver.com
To: Jason Hudgins <thanatos@incantations.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: logging a telnet session
In-Reply-To: <Pine.BSF.4.10.9912011538570.16289-100000@eddie.incantations.net>
Message-ID: <Pine.BSF.4.21.9912011444500.51911-100000@anchovy.orem.iserver.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 1 Dec 1999, Jason Hudgins wrote:

> Watching the packet stream is pretty useless if the hacker is using 
> ssh however, which in my opinion, it would be pretty stupid not to.

No.  Remember, you're the one calling the shots.  Go ahead and trojan your
own sshd to leak session keys so you can decrypt the sniffed sessions, or
even better, have it leak the cleartext before encrypting it.

The original poster wanted to watch a telnet session anyway.

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message