Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Need some education: Man-in-the-Middle Attacks

from [Mario Platt] Network Security [Permanent Link]
Subject: Re: Need some education: Man-in-the-Middle Attacks
Date: Thu, 31 Aug 2006 17:53:41 +0100 
The fact that SSH tells you the fingerprint has changes. If the user
is "dumb" enough to pass by it, and don't care, then he deserves to be
"Hijacked".

On 8/31/06, Christ, Bryan <bryan.christ@hp.com> wrote: 
But if Eve is later challenged to prove her identity (that she must now
maintain the illusion of being Alice), what prevents Eve from passing
the challenge on to the real Alice, getting valid results, and then
passing them back to Bob?

On Thu, 2006-08-31 at 10:01 +0400, Eygene Ryabinkin wrote:
> Bryan,
> > I was looking at the diagram on the URL listed below and contemplating
> > how host fingerprinting prevents MITM attacks.
> >
> > http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html
> >
> > So my question is this... Given the illustration in the URL above, what
> > prevents Eve from *first* contacting Alice to obtain a fingerprint which
> > then gets passed to Bob on the first connection attempt?
>
> She can obtain it, but the fingerprint is closely related to the
> Alice's private key that Eve can not obtain easily. So there is
> no reason for Eve to pass Alice's fingerprint to Bob, because later
> she will not be able to prove to Bob that she has the corresponding
> private key and it will break the connection between Bob and Eve.


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: authentication method shell variable?, Jaqui Greenlees
Next by Date:  Re: Need some education: Man-in-the-Middle Attacks, Christian Grunfeld
Previous by Thread:  Re: authentication method shell variable?, Jaqui Greenlees
Next by Thread:  Re: Need some education: Man-in-the-Middle Attacks, Christian Grunfeld
Indexes:  [Date] [Thread] [Top] [All Lists]