On Sun, 15 Jun 2003 09:01:00 +0200, Florian Weimer wrote:

> Tim Peeler <[EMAIL PROTECTED]> writes:
>
>> I've come to the conclusion that the SSH1 protocol is the most
>> likely cause of this problem.
>
> Attacks on the SSH v1 protocol are relatively sophisticated. It's
> more likely that some token used for authentication (password, RSA or
> DSA key) has leaked, that a machine used to access the attacked
> machines has itself been compromised (e.g. a home machine of an
> employee), or that trojanized OpenSSH versions exist on your local Debian
> mirror.

[...]

> These attacks require wiretapping and traffic
> manipulation capabilities.

I'd be interested if you could expand on this - do you mean a connection to
the victim's LAN is necessary? I'd have thought the ability to intercept WAN
traffic was enough, but I don't really know what I'm talking about :-).

And AIUI, traffic manipulation is a standard technique for a skilled Bad Guy
(injecting packets, fiddling with packets, connection hijacking). The sort of
skill level required to perform a sequence number attack would do, wouldn't it?

> If the edge networks are trustworthy, ...

Again it sounds like you're saying LAN access is needed.

I recognise what you're saying about the more likely scenarios though (stolen
access tokens, etc). [ IIRC, the www.apache.org crack was done that way
(http://www.apacheweek.com/issues/01-06-01#hack) ]

> Why do you think you are so special?

But someone's got to be the first to fall prey to each new technique - why not
Tim? Or are you saying the computational effort involved is as huge as, say, a
DES crack would be? (i.e. only national security services and mobsters would
have the resources?)

Cheers
Nick Boyce
Bristol, UK
-- 
"Yousa steala precious from meesa!" - Jar-Jaromir
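The thread leaves open whether SSH1 is really to blame, but the one thing an administrator can check quickly is whether their sshd still permits protocol version 1 at all. The following is an added example for that check, written for this edit and not code from anyone in the thread. It assumes standard OpenSSH sshd_config syntax: one "keyword argument" per line, lines beginning with "#" are comments, keywords are case-insensitive, and for each keyword the first value encountered wins (later duplicates are ignored). The fallback value used when no Protocol line is present is an assumption, set to the "2,1" default that OpenSSH 3.x shipped with in 2003; adjust it for the version actually deployed. The sample configs are constructed.

```python
"""Audit an OpenSSH sshd_config for SSH protocol version 1 being permitted.

Added example, not from the mailing-list thread. Assumes the OpenSSH
sshd_config conventions: 'keyword argument' per line, '#' comment lines,
case-insensitive keywords, and first-match-wins for duplicate keywords.
"""
import re

# Assumption: default when no Protocol keyword is present. OpenSSH 3.x
# (the era of this thread) defaulted to "2,1", i.e. protocol 1 permitted.
DEFAULT_PROTOCOL = "2,1"


def parse_sshd_config(text):
    """Return {keyword_lower: first_value} honouring first-match-wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Empty lines and lines starting with '#' are comments in sshd_config.
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # keyword with no argument: ignore for this audit
        key, value = parts[0].lower(), parts[1].strip()
        # setdefault keeps the FIRST value, matching sshd's behaviour, so a
        # hardening line appended at the bottom of the file does NOT override
        # an earlier permissive one.
        settings.setdefault(key, value)
    return settings


def permitted_protocols(text):
    """Set of protocol versions sshd would accept for this config text."""
    value = parse_sshd_config(text).get("protocol", DEFAULT_PROTOCOL)
    return {v.strip() for v in value.split(",") if v.strip()}


def ssh1_enabled(text):
    """True if protocol version 1 would be accepted."""
    return "1" in permitted_protocols(text)


def audit(text):
    """Human-readable finding plus the parsed facts, for reporting."""
    protos = permitted_protocols(text)
    explicit = "protocol" in parse_sshd_config(text)
    if "1" in protos:
        finding = "SSH protocol 1 permitted" + (
            "" if explicit else " (implicit default, no Protocol line)")
    else:
        finding = "SSH protocol 1 disabled"
    return {"protocols": sorted(protos), "explicit": explicit,
            "finding": finding}


if __name__ == "__main__":
    # Constructed sample configs for illustration.
    samples = {
        "hardened": "Port 22\nProtocol 2\n",
        "append-only fix": "# original\nProtocol 2,1\n# added later\nProtocol 2\n",
        "no Protocol line": "Port 22\nPermitRootLogin no\n",
    }
    for name, cfg in samples.items():
        print(f"{name:18s}: {audit(cfg)['finding']}")
```

The "append-only fix" case is the one worth remembering: because sshd takes the first value it sees for a keyword, adding `Protocol 2` at the end of a file that already says `Protocol 2,1` changes nothing, and this audit reports it accordingly.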