Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Need some education: Man-in-the-Middle Attacks

from [Seren Thompson] Network Security [Permanent Link]
Subject: RE: Need some education: Man-in-the-Middle Attacks
Date: Thu, 31 Aug 2006 11:38:29 -0600 
 This is true and why fingerprinting is useful.

 For the first connection attempt, Bob needs some way of verifying that
the public key being presented is the same as Alice's public key. The
way to do this is usually an out-of-band exchange where Bob calls Alice
or meets with her and manually verifies that the fingerprint of her key
matches the fingerprint of the key he's being presented.

 The purpose of a fingerprint is for this human-verification process,
since it's easier to read than the full public key.

 This is the same reason SSL works. Most browser come with certificates
preinstalled which is why you can verify that Verisign or some other
authority has issued a web-site's ssl cert. Without the certs being
preinstalled in the browser, you'd initially have to verify the
authenticity of the certs for each website or signing authority, the way
you (should) do for self-signed certs.


-----Original Message-----
From: Christ, Bryan [mailto:bryan.christ@hp.com] 
Sent: Wednesday, August 30, 2006 4:05 PM
To: Mark Senior
Cc: secureshell@securityfocus.com
Subject: Re: Need some education: Man-in-the-Middle Attacks

"Only if Eve gets in the way of the very first connection attempt, can
he pass her own public key off as Alice's, without Bob detecting it."

This is exactly my concern.  Isn't that scary?

On Wed, 2006-08-30 at 12:52 -0600, Mark Senior wrote:

On 8/29/06, Christ, Bryan wrote:

All,

Please pardon my naivete.

I was looking at the diagram on the URL listed below and

contemplating

how host fingerprinting prevents MITM attacks.





http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html


So my question is this... Given the illustration in the URL above,

what

prevents Eve from *first* contacting Alice to obtain a fingerprint

which

then gets passed to Bob on the first connection attempt?



The server passes the client its public key; the client generates a
fingerprint of this public key, and verifies that it matches a known
one from previous connections.

Eve can pass Alice's public key to Bob, but she doesn't possess
Alice's private key, so she has no way to interfere further with the
communications (beyond tampering at a network level - introducing
delay, dropping the connection, etc.)

Only if Eve gets in the way of the very first connection attempt, can
she pass her own public key off as Alice's, without Bob detecting it.
On the first connection, he'd have to either trust what he sees, or
verify the fingerprint offline somehow.  On subsequent connections,
the mismatch would be obvious.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Need some education: Man-in-the-Middle Attacks, Christian Grunfeld
Next by Date:  Re: Need some education: Man-in-the-Middle Attacks, Daniel DeLeo
Previous by Thread:  Re: Need some education: Man-in-the-Middle Attacks, Christian Grunfeld
Next by Thread:  RE: Need some education: Man-in-the-Middle Attacks, Seren Thompson
Indexes:  [Date] [Thread] [Top] [All Lists]