From: Thomas Moestl
Date: Mon, 18 Dec 2000 19:42:19 +0100
To: freebsd-security@freebsd.org
Subject: Re: dsniff 2.3 info:
Message-ID: <20001218194219.A1481@crow.dom2ip.de>
References: <20001218110637.D6395@petra.hos.u-szeged.hu>

On Mon, Dec 18, 2000 at 11:06:37AM +0100, Szilveszter Adam wrote:
> Now let's consider the scenario that the author presents us with. This
> involves a man-in-the-middle-attack where the only thing the attacker does
> is that she intercepts the messages on the wire and always re-encrypts them
> and then passes them on. This scenario assumes that the parties have no way
> of knowing who the other party is other than what they say they are and
> also that they have not been in contact before. This will be most probably
> true for SSL transactions, especially if the server's CA is self-signed
> but anyway for the user side.

From the dsniff FAQ:

  Local clients attempting to connect to Hotmail will be sent to your
  machine instead, where webmitm will present them with a self-signed
  certificate (with the appropriate X.509v3 distinguished name), and
  relay their sniffed traffic to the real Hotmail site.

Now, if the site the victim wants to connect to has had a valid
certificate, a fat dialog will suddenly pop up on any browser telling the
user that the certificate is not trusted (and it did not before).

It's just like with ssh: the user _is_ warned, if he chooses to click OK,
that's his/her fault. Or am I mistaken here?

- thomas
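
The check behind the browser dialog discussed in the message above, as an added example that is not part of the original post or of dsniff: a certificate with the same subject DN as the real site still fails chain validation when it is self-signed. All keys, certificates and names (including `www.example.test` and the function names) are constructed for the demonstration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Every key, certificate and name below is constructed locally;
# "www.example.test" stands in for the real site.
SUBJ="/O=Example Site/CN=www.example.test"

# make_demo_pki DIR: create a trusted CA, a site certificate issued by it,
# and a self-signed certificate carrying the same subject DN.
make_demo_pki() {
    d=$1
    # Stand-in for a root CA already present in the browser's trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Trust/CN=Example Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # The real site's certificate: a CSR signed by that CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/site.pem" 2>/dev/null || return 1
    # What the client is shown instead: same DN, but signed by its own key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$SUBJ" \
        -keyout "$d/relay.key" -out "$d/relay.pem" 2>/dev/null || return 1
}

# subject_dn CERT: print the subject DN in a stable format.
subject_dn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1"
}

# chain_status CAFILE CERT: print "trusted" if CERT chains to CAFILE,
# otherwise "untrusted" (the case in which the browser shows its dialog).
chain_status() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || return 1
    echo "site : $(subject_dn "$dir/site.pem") -> $(chain_status "$dir/ca.pem" "$dir/site.pem")"
    echo "relay: $(subject_dn "$dir/relay.pem") -> $(chain_status "$dir/ca.pem" "$dir/relay.pem")"
    rm -rf "$dir"
}
demo
```

The two subject lines are identical; only the result of the chain check differs, which is why the warning appears only for the substituted certificate.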