Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Is this normal?

from [Jonathan Loh] Network Security [Permanent Link]
Subject: Re: Is this normal?
Date: Tue, 26 Oct 2004 15:17:41 -0700 (PDT) 
ethercap (ettercap) can do SSH1 too.
--- xyberpix <xyberpix@xyberpix.com> wrote:


SSH doesn't use cleartext, but version one can be sniffed quite easily
with dsniff. :-)
Maybe that's what was meant?

xyberpix

On Sat, 23 October, 2004 5:50 am, Jonathan Loh said:

I thought ssh did not send cleartext?  Granted you can see source and
destination and the fact that they are using ssh if you sniff when the
session
is starting, but no passwords are sent cleartext.  But you'd be able to
see
that anyway.  Though I think someone here mentioned in the ssh, not
openssh,
implementation there is a provision to send things in cleartext, though
that
has to be configured.

Sure you can use hostkeys.  hostkeys will verify that you are logging in
from a
certain host.  But I also recomend you use passwords.

--- bp1974@comcast.net wrote:


* Disable clear text services (telnet,ssh etc.)





__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail




-- 
For security and Opensource news check out:
http://xyberpix.demon.co.uk





__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Advice on Fastest NMAP Scan, Fyodor
Next by Date:  Re: VPN in debian: L2TP/IPSec? PPTP? ...?, Rob klein Gunnewiek
Previous by Thread:  Re: Is this normal?, xyberpix
Next by Thread:  Re: Is this normal?, H Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]