Nick Boyce <[EMAIL PROTECTED]> writes:

>>These attacks require wiretapping and traffic
>>manipulation capabilities.
>
> I'd be interested if you could expand on this - do you mean a
> connection to the victim's LAN is necessary ?

LAN or WAN. Actually, access to any transmission link suffices.

> I'd have thought ability to intercept WAN traffic was enough,

Correct, but wiretapping WANs is not exactly straightforward. 8-) You will have a hard time doing it even if you've compromised some intermediate router. In a true WAN environment, scalable eavesdropping requires access to the physical medium and special eavesdropping cards for the machines that perform the eavesdropping. You can't redirect traffic in a WAN setting just by ARP spoofing. 8-)

> And AIUI, traffic manipulation is a standard technique for a skilled
> Bad Guy (injecting packets, fiddling with packets, connection
> hijacking).

Yes, but the attacker usually shares the LAN with the victim host or the other end of the communication.

> The sort of skill level required to perform a sequence number attack
> would do, wouldn't it ?

No, it wouldn't, IIRC, the SSH 1 protocol is not *that* weak.

> But someone's got to be the first to fall prey to each new technique -
> why not Tim ?

Because he noticed something, and he's so desperate that he's posting publicly to debian-security. 8-) If I had a new super-duper SSH exploit or could eavesdrop a WAN link, I wouldn't risk burning it on low-profile targets.