Date: Mon, 18 Dec 2000 19:42:19 +0100 From: Thomas Moestl <tmoestl@gmx.net> To: freebsd-security@freebsd.org Subject: Re: dsniff 2.3 info: Message-ID: <20001218194219.A1481@crow.dom2ip.de> In-Reply-To: <20001218110637.D6395@petra.hos.u-szeged.hu>; from sziszi@petra.hos.u-szeged.hu on Mon, Dec 18, 2000 at 11:06:37AM %2B0100 References: <Pine.BSF.4.21.0012172347240.48779-100000@security1.noc.flyingcroc.net> <20001218110637.D6395@petra.hos.u-szeged.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 18, 2000 at 11:06:37AM +0100, Szilveszter Adam wrote: > Now let's consider the scenario that the author presents us with. This > involves a man-in-the-middle-attack where the only thing the attacker does > is that she intercepts the messages on the wire and always re-encrypts them > and then passes them on. This scenario assumes that the parties have no way > of knowing who the other party is other than what they say they are and > also that they have not been in contact before. This will be most probably > true for SSL transactions, especially if the server's CA is self-signed > but anyway for the user side. From the dsniff FAQ: Local clients attempting to connect to Hotmail will be sent to your machine instead, where webmitm will present them with a self-signed certificate (with the appropriate X.509v3 distinguished name), and relay their sniffed traffic to the real Hotmail site. Now, if the Site the victim wants to connect to has had a valid certificate, a fat dialog will suddenly pop up on any Browser telling the user that the ceritificate is not trusted (and it did not before). It's just like with ssh: the user _is_ warned, if he chooses to click OK, that's his/her fault. Or am I mistaken here? - thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001218194219.A1481>