Date: Fri, 5 Jan 2001 12:20:14 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Artem Koutchine <matrix@ipform.ru> Cc: "David G. Andersen" <dga@pobox.com>, security@FreeBSD.ORG, questions@FreeBSD.ORG Subject: Re: Antisniffer measures (digest of posts) Message-ID: <20010105122014.H15744@fw.wintelcom.net> In-Reply-To: <002f01c07753$af808400$0c00a8c0@ipform.ru>; from matrix@ipform.ru on Fri, Jan 05, 2001 at 11:11:25PM %2B0300 References: <200101052002.NAA29203@faith.cs.utah.edu> <002f01c07753$af808400$0c00a8c0@ipform.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
* Artem Koutchine <matrix@ipform.ru> [010105 12:12] wrote:
>
> > A final solution is simply to encrypt all sensitive traffic at the
> > application layer. Use SSL for http/pop3/etc. Use SSH for remote
> > access. Etc. Not perfect, but works.
>
> Nope, dsniff breaks SSL and SSH1.
What's wrong with using SSH2? You can use port forwarding over
remote localhost to do it:
__ __
/ \ / \
| \ / |
\ \ / /
_______\ /________
| win95 |X-----[ssh]-----X| server |
------- --------
?
As long as your users are somewhat intellegent about being wary
of "sudden key changes" then they should be fine.
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010105122014.H15744>