
| Subject: | Re: Need some education: Man-in-the-Middle Attacks |
|---|---|
| Date: | Thu, 31 Aug 2006 14:53:47 -0600 |
On Aug 31, 2006, at 2:02 PM, Christ, Bryan wrote:

> My question is this... What prevents Eve from passing along the
> challenge information to Alice? In other words, even though Eve does
> not have the private key, and therefore cannot decrypt, Alice does.
> Therefore Eve could send the information to Alice, get a valid response,
> and then Eve passes that response back to Bob. Bob still has no way of
> knowing that Eve is impersonating Alice and/or brokering messages.

In this situation, Eve would only see the encrypted traffic, because Alice's responses are encrypted with Bob's public key. I'm far from an expert on this, but I'm pretty sure that public key encryption is used just to set up symmetric key encryption, so this is a bit oversimplified. But the answer you are looking for is that if Eve simply passes the traffic back and forth, she won't have the private keys to decrypt the traffic--she just sees a garbled mess (of course Eve can do this if she wants--but at this point, she's just acting as a router). In order for Eve to decipher the traffic (and perform a meaningful attack), she has to impersonate Alice by connecting to each with a separate ssh session, in which case the keys don't match--ssh keeps the fingerprints on file. If Alice tries a MITM attack on the very first time Bob connects to Alice, though, Bob won't have the fingerprint on file. If Bob is cautious, however, he will have gotten the fingerprint from Alice beforehand, using the telephone, PGP/GPG or some other means, and he would notice that the fingerprint of Eve's key doesn't match the fingerprint that Alice told him to expect.

> On Wed, 2006-08-30 at 15:58 -0600, Daniel DeLeo wrote:
>
>> As far as I know, the fingerprint is based on the public key (or is the key? someone who knows more than I might want to clarify this) of the SSH server. Eve could pass on the fingerprint, but she would not have the private key, so data encrypted using the public key associated with that fingerprint could not be decrypted by Eve. Of course, nothing stops Eve from presenting her own key and hoping that the user doesn't check the fingerprints.
>>
>> On Aug 29, 2006, at 3:35 PM, Christ, Bryan wrote:
>>
>>> All,
>>>
>>> Please pardon my naivete.
>>>
>>> I was looking at the diagram on the URL listed below and contemplating
>>> how host fingerprinting prevents MITM attacks.
>>>
>>> http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html
>>>
>>> So my question is this... Given the illustration in the URL above, what prevents Eve from *first* contacting Alice to obtain a fingerprint which then gets passed to Bob on the first connection attempt?
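The following is an added worked example, not part of the thread or of the vandyke.com page, that plays out the three situations discussed above in code: Eve as a pure relay, Eve substituting her own key-exchange values while forwarding Alice's genuine key and signature (Bryan's "pass along the challenge" case), and Eve presenting her own host key to a Bob who either does or does not have Alice's fingerprint on file (Daniel's "hoping the user doesn't check" case). It is a stripped-down model of the SSH-2 host-key check using only the Python standard library: Alice is the server, Bob the client and Eve the attacker, as in the diagram; the host key is a Schnorr key pair and the key exchange is finite-field Diffie-Hellman, both over a small safe-prime group generated at import time (sizes are illustrative, not secure); the exchange hash is assumed to cover only the host public key, both DH values and the shared secret K, whereas real SSH also hashes the version strings and KEXINIT payloads; and `fingerprint()` stands in for `ssh-keygen -l`. All function and scenario names are this example's own.

```python
import hashlib
import secrets

# Toy group: a 128-bit safe prime p = 2q + 1 generated at import, generator of prime order q.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n, rounds=24):
    """Trial division then Miller-Rabin; n >= 2. Good enough for an illustration."""
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=128):
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4   # 4 = 2^2 is a quadratic residue, so it has order q

P, Q, G = make_group()

def H(*parts):
    """Length-prefixed SHA-256 over integers, returned as an int (stand-in for SSH's exchange hash)."""
    h = hashlib.sha256()
    for x in parts:
        b = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

class HostKey:
    """Schnorr key pair standing in for an SSH host key."""
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1        # private
        self.pub = pow(G, self.x, P)                 # public

    def sign(self, msg):
        k = secrets.randbelow(Q - 1) + 1
        R = pow(G, k, P)
        return R, (k + H(R, self.pub, msg) % Q * self.x) % Q

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(pub, H(R, pub, msg) % Q, P) % P

def fingerprint(pub):
    """Like `ssh-keygen -l`: a short hash of the public key that Alice can read to Bob over the phone."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def server_kex(host_key, e):
    """Alice: answer Bob's DH value e with f, her public key and a signature over the exchange hash.
    Real SSH also hashes version strings and KEXINIT; the point here is that e, f and K are all signed."""
    a = secrets.randbelow(Q - 1) + 1
    f, K = pow(G, a, P), pow(e, a, P)
    return (f, host_key.pub, host_key.sign(H(host_key.pub, e, f, K))), K

def client_connect(known_fp, transport):
    """Bob: run the key exchange through `transport` (direct, or via Eve) and decide whether to trust it."""
    b = secrets.randbelow(Q - 1) + 1
    e = pow(G, b, P)
    f, pub, sig = transport(e)
    K = pow(f, b, P)                         # Bob's view of the shared secret
    if not verify(pub, H(pub, e, f, K), sig):
        return "bad-signature", None         # the holder of pub did not sign *this* exchange
    if known_fp is None:
        return "unknown-host", K             # first contact: trust-on-first-use unless Bob checks fp out of band
    if fingerprint(pub) != known_fp:
        return "fingerprint-mismatch", None
    return "ok", K

def run_scenarios():
    alice, eve = HostKey(), HostKey()
    alice_fp = fingerprint(alice.pub)        # what a cautious Bob obtained from Alice beforehand
    alice_K = []
    def direct(e):                           # no attacker; also Eve as a pure relay, since she
        msg, K = server_kex(alice, e)        # forwards e, f, pub, sig unchanged and learns none of a, b, K
        alice_K.append(K)
        return msg
    def substitute_dh(e):                    # Eve swaps in a DH value whose exponent she knows
        z = secrets.randbelow(Q - 1) + 1
        f, pub, sig = direct(pow(G, z, P))   # Alice signs H(pub, g^z, f, K_alice_eve) ...
        return pow(G, z, P), pub, sig        # ... but Bob hashes (pub, e, g^z, K_bob_eve)
    def own_key(e):                          # Eve answers with her own host key and hopes
        return server_kex(eve, e)[0]         # that Bob never compares fingerprints
    results = {}
    status, K = client_connect(alice_fp, direct)
    results["direct-or-relay"] = (status, K == alice_K[-1])
    results["substituted-dh"] = client_connect(alice_fp, substitute_dh)[0]
    results["eve-key-known-fp"] = client_connect(alice_fp, own_key)[0]
    results["eve-key-first-contact"] = client_connect(None, own_key)[0]
    return results
```

Calling `run_scenarios()` gives `direct-or-relay` as `("ok", True)`, `substituted-dh` as `bad-signature`, `eve-key-known-fp` as `fingerprint-mismatch` and `eve-key-first-contact` as `unknown-host`. The second result is the answer to Bryan's question: relaying Alice's genuine key and a genuine Alice signature does Eve no good, because the signature covers the shared secret and both DH values of the session Alice actually saw, and Bob's session has different ones. The last result is the first-connection gap Daniel and the reply point at: a Bob with nothing on file can only accept on trust, which is why the fingerprint has to arrive by phone, PGP or another out-of-band channel.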