Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SSH bruteforce on its way...

from [Lionel Ferette] Network Security [Permanent Link]
Subject: Re: SSH bruteforce on its way...
Date: Wed, 26 Oct 2005 08:29:17 +0200 
Hello Michael,

In the wise words of Michael.Lang@jackal-net.at, on Tuesday 25 October 2005 
09:29:
[SNIP]

I've put the session data on a website
(http://www.jackal-net.at/tiki-read_article.php?articleId=20)  where you can
see what i've setup and what the guys where doing. (currently only one
session is online but i'm sure, others will follow :) ... )   

Just had a look at that page, and I would recommend against using ethereal to 
capture traffic: there are too many vulnerabilities in ethereal's decoders (a 
few have been disclosed last week) to allow that program to run unattended as 
root (needed to capture traffic). Instead, I always recommend to use tcpdump:
 tcpdump -s 1500 -w traffic.trace port 22
(in your case you're only interested in ssh traffic, aren't you? otherwise, 
just skip the 'port 22' part).

Then, *as a normal user*, open the trace file with ethereal if you don't like 
tcpdump's output of
 tcpdump -s 1500 -r traffic.trace -X

Regards,

Lionel

-- 
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385                  http://cert.belnet.be/
Fax: +32 2 7903375                  PGP Key Id: 0x5662FD4B

Attachment: pgpYheX415YEy.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SSH bruteforce on its way..., Michael Lang
Next by Date:  Re: SSH bruteforce on its way..., Bryan Hatter
Previous by Thread:  Re: SSH bruteforce on its way..., Christine Kronberg
Next by Thread:  Re: SSH bruteforce on its way..., Michael Lang
Indexes:  [Date] [Thread] [Top] [All Lists]