Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Need some education: Man-in-the-Middle Attacks

from [Christ, Bryan] Network Security [Permanent Link]
Subject: Re: Need some education: Man-in-the-Middle Attacks
Date: Thu, 31 Aug 2006 09:40:03 -0500 
But if Eve is later challenged to prove her identity (that she must now
maintain the illusion of being Alice), what prevents Eve from passing
the challenge on to the real Alice, getting valid results, and then
passing them back to Bob?

On Thu, 2006-08-31 at 10:01 +0400, Eygene Ryabinkin wrote:

Bryan,

I was looking at the diagram on the URL listed below and contemplating
how host fingerprinting prevents MITM attacks.

http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html

So my question is this... Given the illustration in the URL above, what
prevents Eve from *first* contacting Alice to obtain a fingerprint which
then gets passed to Bob on the first connection attempt?


She can obtain it, but the fingerprint is closely related to the
Alice's private key that Eve can not obtain easily. So there is
no reason for Eve to pass Alice's fingerprint to Bob, because later
she will not be able to prove to Bob that she has the corresponding
private key and it will break the connection between Bob and Eve.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Need some education: Man-in-the-Middle Attacks, Nathan Jackson-Eeles
Previous by Thread:  RE: Need some education: Man-in-the-Middle Attacks, Nathan Jackson-Eeles
Next by Thread:  Re: Need some education: Man-in-the-Middle Attacks, jacob . devenport
Indexes:  [Date] [Thread] [Top] [All Lists]