Date: Mon, 18 Dec 2000 19:42:19 +0100 From: Thomas Moestl <tmoestl@gmx.net> To: freebsd-security@freebsd.org Subject: Re: dsniff 2.3 info: Message-ID: <20001218194219.A1481@crow.dom2ip.de> In-Reply-To: <20001218110637.D6395@petra.hos.u-szeged.hu>; from sziszi@petra.hos.u-szeged.hu on Mon, Dec 18, 2000 at 11:06:37AM %2B0100 References: <Pine.BSF.4.21.0012172347240.48779-100000@security1.noc.flyingcroc.net> <20001218110637.D6395@petra.hos.u-szeged.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 18, 2000 at 11:06:37AM +0100, Szilveszter Adam wrote:
> Now let's consider the scenario that the author presents us with. This
> involves a man-in-the-middle-attack where the only thing the attacker does
> is that she intercepts the messages on the wire and always re-encrypts them
> and then passes them on. This scenario assumes that the parties have no way
> of knowing who the other party is other than what they say they are and
> also that they have not been in contact before. This will be most probably
> true for SSL transactions, especially if the server's CA is self-signed
> but anyway for the user side.
From the dsniff FAQ:
Local clients attempting to connect to Hotmail will be sent to your
machine instead, where webmitm will present them with a self-signed
certificate (with the appropriate X.509v3 distinguished name), and relay
their sniffed traffic to the real Hotmail site.
Now, if the Site the victim wants to connect to has had a valid certificate,
a fat dialog will suddenly pop up on any Browser telling the user that the
ceritificate is not trusted (and it did not before). It's just like with
ssh: the user _is_ warned, if he chooses to click OK, that's his/her fault.
Or am I mistaken here?
- thomas
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001218194219.A1481>