From owner-freebsd-security Wed Dec 1 14:12:29 1999
Message-Id: <4.2.0.58.19991201140744.014d5dd0@mail1.dcomm.net>
Date: Wed, 01 Dec 1999 14:12:09 -0800
To: Jason Hudgins, freebsd-security@freebsd.org
From: Deepwell Internet
Subject: Re: logging a telnet session

Paul also suggested leaking the cleartext before encryption which is also
good. It would roughly double the local bandwidth used by him, but I can't
doubling telnet/ssh would be a big deal. A netstat may give this away, but
you could use udp to send the plaintext to the logging host.

As for writing this from scratch, you may be able to find something like
this in a rootkit.

At 04:00 PM 12/1/99 -0600, you wrote:
> > No. Remember, you're the one calling the shots. Go ahead and trojan your
> > own sshd to leak session keys so you can decrypt the sniffed sessions, or
> > even better, have it leak the cleartext before encrypting it.
>
>Well, I think it would be easier to just trojanize some binaries on
>the cracked box (like ps) and make the logging process invisible than to
>trojan sshd AND write a decryption client of sorts.
>
> > The original poster wanted to watch a telnet session anyway.
>
>Yeah, I was the original poster, I'm just talking theory now. =)
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message