[18238] in bugtraq


Re: sshmitm, webmitm

daemon@ATHENA.MIT.EDU (Samuele Giovanni Tonon)
Wed Dec 20 17:40:37 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id:  <20001220175502.B1545@students.cs.unibo.it>
Date:         Wed, 20 Dec 2000 17:55:02 +0100
Reply-To: Samuele Giovanni Tonon <tonon@STUDENTS.CS.UNIBO.IT>
From: Samuele Giovanni Tonon <tonon@STUDENTS.CS.UNIBO.IT>
X-To:         Dug Song <dugsong@MONKEY.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001218101802.J26453@naughty.monkey.org>; from
              dugsong@MONKEY.ORG on Mon, Dec 18, 2000 at 10:18:02AM -0500

On Mon, Dec 18, 2000 at 10:18:02AM -0500, Dug Song wrote:
> sshmitm and webmitm have been released as part of the new dsniff-2.3
> package, available at:
>
> 	http://www.monkey.org/~dugsong/dsniff/
>
> these tools perform simple active monkey-in-the-middle attacks against
> SSH and HTTPS, exploiting weak bindings in ad-hoc PKI.


I've used it (sshmitm) last night and it seems it works only under certain
conditions:
- you connect to a machine querying a DNS instead of putting the ip in
  /etc/hosts
- you have no ~/.ssh/known_host or you don't have the public key of the host you
  want to connect to and you have StrictHostKeyChecking set to no (default).
- the forger must know you'll connect to it and must be on the path between you
  and the machine.

Without one of these conditions it doesn't work, so the problem can be easily
avoided with some precautions until a good public-key exchange system is used.

Samuele

--

Samuele Tonon <tonon@students.cs.unibo.it>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy
Linux System administrator at  Computer Science Research Labs of University
of Bologna, Italy

Founder & Member of A.A.H.T.
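As an added example (not part of the original post or of dsniff), a small Python checker for the two client-side conditions Samuele lists: whether the name is resolved via DNS rather than pinned in /etc/hosts, and whether the host key is absent from known_hosts while StrictHostKeyChecking is not "yes". It runs over constructed sample file contents; the hostname and key below are made up. The third condition (attacker on the network path) is not something the client can check for itself.

```python
import re

# Constructed sample files. StrictHostKeyChecking is a real ssh_config
# keyword; the host name and key material are invented for the example.
SSH_CONFIG = "Host *\n    StrictHostKeyChecking no\n"
KNOWN_HOSTS = "shell.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample==\n"
ETC_HOSTS = "127.0.0.1   localhost\n"


def strict_host_key_checking(ssh_config: str) -> str:
    """Effective StrictHostKeyChecking value; 'no' when unset, which the
    post says was the default at the time."""
    for line in ssh_config.splitlines():
        m = re.match(r"\s*StrictHostKeyChecking\s+(\S+)", line, re.I)
        if m:
            return m.group(1).lower()
    return "no"


def has_known_host_key(known_hosts: str, host: str) -> bool:
    """True if known_hosts carries a key for host (plain, unhashed
    host fields only; several names may share one line, comma-separated)."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and host in fields[0].split(","):
            return True
    return False


def has_static_hosts_entry(etc_hosts: str, host: str) -> bool:
    """True if /etc/hosts pins host to an address, so DNS is never asked."""
    for line in etc_hosts.splitlines():
        fields = line.split("#")[0].split()  # drop trailing comments
        if len(fields) >= 2 and host in fields[1:]:
            return True
    return False


def mitm_exposure(host: str, ssh_config: str, known_hosts: str,
                  etc_hosts: str) -> list:
    """Return the client-side conditions from the post that still hold
    for host; an empty list means both precautions are in place."""
    findings = []
    if not has_static_hosts_entry(etc_hosts, host):
        findings.append("name resolved via DNS (no /etc/hosts entry)")
    if (not has_known_host_key(known_hosts, host)
            and strict_host_key_checking(ssh_config) != "yes"):
        findings.append("no pinned host key and StrictHostKeyChecking != yes")
    return findings


if __name__ == "__main__":
    print(mitm_exposure("shell.example.org", SSH_CONFIG, KNOWN_HOSTS, ETC_HOSTS))
```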
