[26254] in bugtraq
Re: SSH Protocol Trick
daemon@ATHENA.MIT.EDU (H D Moore)
Mon Jul 22 21:07:46 2002
From: H D Moore <sflist@digitaloffense.net>
To: auto458545@hushmail.com, bugtraq@securityfocus.com
Date: Mon, 22 Jul 2002 19:45:43 -0500
In-Reply-To: <200207222343.g6MNhfY13217@mailserver4.hushmail.com>
Message-Id: <200207221945.43902.sflist@digitaloffense.net>
Ettercap has had this ability for months:
$ cat etter.filter.ssh
############################################################################
# #
# ettercap -- etter.filter -- filter chain file #
# #
[ snip ]
##
#
# This filter will substitute the SSH server response from SSH-1.99 to
# SSH-1.51, so if the server supports both ssh1 and ssh2 we will force
# it to use ssh1... ;)
# server response : SSH-1.99 both ssh1 and ssh2 supported
# SSH-1.51 only ssh1 supported
##
[ snip ]
http://ettercap.sf.net/
On Monday 22 July 2002 18:43, auto458545@hushmail.com wrote:
> SSH Protocol Weakness Advisory
> Monday, July 22 2002
> - rtm
>
> OK, here it is guys... I saw this today when I was looking at the newest
> issue of phrack (59) and I discovered that an old little technique of SSH
> man in the middle attacks I had been working on was now part of a Phrack
> article....
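
Added example (not part of the original post and not ettercap code): a defender-side check that compares the SSH identification string recorded for a host over a trusted path with the one a client later receives, and flags the SSH-1.99 to SSH-1.51 substitution described in the filter comment above. The function names and the sample banners are constructed for illustration.

```python
import re

# Identification string: SSH-<protoversion>-<softwareversion>[ comments]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")


def parse_banner(banner):
    """Split a server banner into (offered protocol majors, software version)."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if major >= 2:
        offered = {2}
    elif (major, minor) == (1, 99):
        offered = {1, 2}      # SSH-1.99: both ssh1 and ssh2 supported
    else:
        offered = {1}         # SSH-1.5, SSH-1.51, ...: only ssh1 supported
    return offered, m.group(3)


def check_banner(baseline, observed):
    """Compare a trusted baseline banner with the banner a client received.

    Returns "DOWNGRADE" when the server is known to offer ssh2 but the
    observed banner advertises ssh1 only, "CHANGED" for any other
    difference, and "OK" when nothing relevant differs.
    """
    base_protos, base_sw = parse_banner(baseline)
    seen_protos, seen_sw = parse_banner(observed)
    if 2 in base_protos and 2 not in seen_protos:
        return "DOWNGRADE"
    if base_protos != seen_protos or base_sw != seen_sw:
        return "CHANGED"
    return "OK"


if __name__ == "__main__":
    # Constructed sample banners (assumed values, not taken from the post).
    baseline = "SSH-1.99-OpenSSH_3.4p1\r\n"
    for observed in ("SSH-1.99-OpenSSH_3.4p1\r\n",
                     "SSH-1.51-OpenSSH_3.4p1\r\n"):
        print(observed.strip(), "->", check_banner(baseline, observed))
```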