On 5/7/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 5/7/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
> > On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
> > > An attacker sets up a system with two wireless NICs: one associated to
> > > my network and another configured as an access point pretending to be
> > > an access point for my network. He runs a DHCP server on the AP
> > > interface and NATs traffic to my network. (I can imagine a
> > > sufficiently clever bridge setup that would be even harder to detect,
> > > but I don't know for certain if it could work.)
> >
> > SSH makes provisions for detection/prevention of MITM attacks by
> > cryptographically verifying host identities. Assuming you use SSHv2
> > and the client verifies the fingerprint of the server's public key is
> > accurate, identity of the destination system can be assured.
>
> 1. where do you get the fingerprint for the first connection?

From the sysadmin? Help desk? System setup log in hard copy?
People *do* usually pay attention to that kind of thing, right?

> 2. that's not the problem described. how does ssh know that its
> connection is being NATed?

Does it matter if its connection is NATed if SSH can guarantee
end-to-end confidentiality and endpoint authentication? I don't
understand how an intermediary NAT router serves as a MITM assuming
server identity is verified.
DS
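As an added illustration (not part of the thread, and not OpenSSH's own code) of the host-key check discussed above: the client's defence against a rogue AP or NAT box is that the server's key, recorded in known_hosts from an out-of-band source, must match on every connection. The script verifies a presented key against a known_hosts file (plain and hashed `|1|salt|hmac|` entries) and distinguishes a first connection with no recorded key, Ted's point 1, from a key that has changed. The key blobs, hostnames and known_hosts contents are constructed sample data, not real keys.

```python
import base64
import hashlib
import hmac

def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public-key blob (unpadded base64)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_host_entry(hostname: str, salt: bytes) -> str:
    """Render a hostname as 'HashKnownHosts yes' stores it: |1|salt|HMAC-SHA1(salt, host)|."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field: str, hostname: str) -> bool:
    """Match a known_hosts host field (plain, comma-separated or hashed) against a hostname."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|", 3)
        return hmac.compare_digest(hashed_host_entry(hostname, base64.b64decode(salt_b64)), field)
    return hostname in field.split(",")

def check_host_key(hostname: str, key_type: str, key_blob: bytes, known_hosts_text: str) -> str:
    """Return 'match', 'changed' (host known but key differs: possible MITM) or 'unknown' (first connection)."""
    presented = fingerprint(key_blob)
    seen_host = False
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#") or len(parts) < 3:
            continue
        hosts, ktype, key_b64 = parts[0], parts[1], parts[2]
        if not host_matches(hosts, hostname):
            continue
        seen_host = True
        if ktype == key_type and hmac.compare_digest(fingerprint(base64.b64decode(key_b64)), presented):
            return "match"
    return "changed" if seen_host else "unknown"

# Constructed sample key blobs in ssh-ed25519 wire layout; the 32-byte "keys" are filler, not real keys.
KEY_A = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))
KEY_B = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32, 64))

# Constructed sample known_hosts: one plain entry, one hashed entry (20-byte salt, as OpenSSH uses).
KNOWN_HOSTS = "\n".join([
    "# constructed sample ~/.ssh/known_hosts",
    "shell.example.org,192.0.2.10 ssh-ed25519 " + base64.b64encode(KEY_A).decode(),
    hashed_host_entry("build.example.org", b"0123456789abcdefghij")
    + " ssh-ed25519 " + base64.b64encode(KEY_B).decode(),
])

if __name__ == "__main__":
    for host, key in (("shell.example.org", KEY_A), ("shell.example.org", KEY_B), ("new.example.org", KEY_A)):
        print(host, fingerprint(key), check_host_key(host, "ssh-ed25519", key, KNOWN_HOSTS))
```

A result of "changed" is the case the thread is about: the attacker's NAT box cannot present the real server's key, so the client sees a mismatch; "unknown" is the first-connection gap where the fingerprint must come from somewhere other than the network.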