From: sen_ml@eccosys.com
To: freebsd-security@FreeBSD.ORG
Subject: Re: ssh-feature 'backdoor'
Date: Thu, 20 Jan 2000 16:03:25 +0900
Message-Id: <20000120160325Z.1000@eccosys.com>
In-Reply-To: <20000120075151.A3515@foobar.franken.de>
References: <20000119165350.E8404@is.co.za> <20000120001840W.1000@eccosys.com> <20000120075151.A3515@foobar.franken.de>

> 'being sure' is a bit strong don't you think? if someone has spoofed the
> ip address it doesn't help you at all.

logix> You want to do a blind-spoof on a cryptographic key-exchange?

not necessarily. if you perform a successful denial-of-service attack
of a certain type on one of your allowed hosts, and you know a
password to get in to the server running the ssh daemon, then you can
manage i think.