Date: Fri, 5 Jan 2001 12:20:14 -0800
From: Alfred Perlstein
To: Artem Koutchine
Cc: "David G. Andersen", security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: Antisniffer measures (digest of posts)
Message-ID: <20010105122014.H15744@fw.wintelcom.net>

* Artem Koutchine [010105 12:12] wrote:
>
> > A final solution is simply to encrypt all sensitive traffic at the
> > application layer. Use SSL for http/pop3/etc. Use SSH for remote
> > access. Etc. Not perfect, but works.
>
> Nope, dsniff breaks SSL and SSH1.

What's wrong with using SSH2? You can use port forwarding over
remote localhost to do it:

    __                         __
   /  \                       /  \
  |    \                     /    |
   \    \                   /    /
  _______\                 /________
 | win95 |X-----[ssh]-----X| server |
  -------                   --------

?

As long as your users are somewhat intelligent about being wary of
"sudden key changes" then they should be fine.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
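The setup described in the reply above, as an added example that is not part of the original post: a pinned host key is compared with the key a server presents, and the forward to the server's own loopback is only built when they match. The host names, user name, ports 1110 and 110, and the key blobs are constructed placeholders, and the check assumes plain (unhashed, single-host) `known_hosts` lines.

```shell
#!/bin/sh
# Added example, not from the original post. Hosts, user name, ports and
# key blobs are constructed placeholders.

# check_host_key FILE HOST KEYTYPE BLOB
# Prints "match", "changed" or "unknown". Assumes plain, unhashed
# known_hosts lines of the form: host keytype base64-blob
check_host_key() {
    awk -v h="$2" -v t="$3" -v k="$4" '
        $1 == h && $2 == t { seen = 1; if ($3 == k) ok = 1 }
        END {
            if (ok) print "match"
            else if (seen) print "changed"
            else print "unknown"
        }
    ' "$1"
}

# tunnel_cmd FILE HOST KEYTYPE BLOB
# Prints the ssh command that forwards local port 1110 to port 110 on the
# server's own loopback ("remote localhost"), but only when the presented
# key matches the pinned one. Current OpenSSH speaks protocol 2 only.
tunnel_cmd() {
    status=$(check_host_key "$1" "$2" "$3" "$4")
    if [ "$status" != "match" ]; then
        echo "refusing tunnel to $2: host key is $status" >&2
        return 1
    fi
    echo "ssh -N -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1 -L 127.0.0.1:1110:localhost:110 user@$2"
}

demo() {
    kh=$(mktemp)
    # Constructed pinned entry for the mail server.
    echo "mail.example.org ssh-ed25519 AAAA-CONSTRUCTED-PINNED-KEY" > "$kh"
    # Same key as pinned: the tunnel command is printed.
    tunnel_cmd "$kh" mail.example.org ssh-ed25519 AAAA-CONSTRUCTED-PINNED-KEY
    # Different key for a known host: the "sudden key change" case, refused.
    tunnel_cmd "$kh" mail.example.org ssh-ed25519 AAAA-CONSTRUCTED-OTHER-KEY || true
    rm -f "$kh"
}
demo
```

With `StrictHostKeyChecking=yes` the ssh client itself refuses a changed or unknown key instead of prompting, so the decision is not left to the user at connect time.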