Solution to Challenging the Man in the Middle

    Date: 07 May 2002
    Category: Hacks/Cracks
    Posted By: Anthony Pell
    Two weeks ago, I challenged you to figure out how a machine was compromised. Let me quickly recap the situation. I suspected that someone was using an SSH man-in-the-middle package on the local network. Both sshmitm (part of Dug Song's dsniff[1] package) and ettercap[2] can fill this role. (As it turns out, the culprit was a modified version of sshmitm, so I'll just call it by name henceforward.)

    The machine running sshmitm needs to be situated between the ssh client and ssh server. When the client machine connects to the server, the machine running sshmitm intercepts the packets. The sshmitm process pretends to be the actual server. It will follow the SSH protocol specification, providing the host key, agreeing on cryptographic algorithms and keys, and eventually asking the client for the password.

    The sshmitm program establishes a connection to the actual server, as if it's a normal ssh client. It takes the data that it receives from the real client, which it has available in cleartext, and re-encrypts it to the real ssh server as appropriate.
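Since it is the sshmitm process, not the real server, that provides the host key to the client, a client holding a previously pinned key for the server can compare the two. The following is an added example, not code from the original article or from dsniff; it assumes the current OpenSSH known_hosts line format and SHA256 fingerprint style, and the host name, address and key bytes are constructed.

```python
import base64
import hashlib

def make_blob(key_bytes):
    """Build a constructed ssh-ed25519 public key blob (SSH wire format), base64-encoded."""
    raw = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + key_bytes
    return base64.b64encode(raw).decode()

# Constructed sample data (not real keys or hosts).
SERVER_KEY = make_blob(b"A" * 32)      # stands in for the real server's host key
INTERPOSED_KEY = make_blob(b"B" * 32)  # stands in for a key offered by a host in the middle
KNOWN_HOSTS = (
    "# constructed known_hosts sample\n"
    f"server.example,192.0.2.10 ssh-ed25519 {SERVER_KEY} pinned-by-admin\n"
)

def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: SHA-256 over the raw key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(known_hosts_text):
    """Map (host, keytype) -> set of pinned fingerprints from plain known_hosts lines."""
    pins = {}
    for line in known_hosts_text.splitlines():
        line = line.strip()
        # Comments, marker lines (@...) and hashed hostnames (|1|...) are out of scope here.
        if not line or line.startswith(("#", "@", "|")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            pins.setdefault((host, keytype), set()).add(fingerprint(blob))
    return pins

def check_host_key(pins, host, keytype, offered_blob_b64):
    """Compare the key offered during the handshake with what was pinned earlier."""
    pinned = pins.get((host, keytype))
    if pinned is None:
        return "unknown"  # nothing pinned for this host and key type: substitution is undetectable
    return "match" if fingerprint(offered_blob_b64) in pinned else "mismatch"

if __name__ == "__main__":
    pins = load_pins(KNOWN_HOSTS)
    for label, blob in (("server key", SERVER_KEY), ("interposed key", INTERPOSED_KEY)):
        print(label, fingerprint(blob), check_host_key(pins, "server.example", "ssh-ed25519", blob))
```

The "unknown" result is the case to watch: a client with no pinned key for the host has nothing to compare the offered key against.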
