Way OT: SSH worries

William Burns William.Burns at AEROFLEX.COM
Tue Aug 17 07:17:55 IST 2004


<x-flowed>
John:

How common is it to have a router compromised in such a way that traffic
can be sniffed?
I'm not saying that depending on clear-text anything is good for
security, but I haven't heard of this router "exploit" method being a
concern.

Besides, I'm only using these "pass-phrases" as an additional layer of
defense.
After sshd gets turned on, an attacker would still have to break
in/through the non-stndard ssh port.

Re: using stunnel, there are ssl related exploits, no?
It seems to me that using stunnel to protect sshd from a *real* exploit
is kind of defeating the intended purpose.
Wouldn't stunnel be just as vulnerable?

-Bill

John Rudd wrote:

> On Aug 16, 2004, at 5:15 PM, William Burns wrote:
>
>> I wrote a script to turn sshd on+off that gets called by inetd.
>> I telnet to a specific port, type in a "pass-phrase", and my sshd
>> starts
>>
>> Now, unless someone finds a TELNET vulnerability, I'm pretty safe.
>>
>
> You mean like breaking into your ISP's routers and sniffing your
> traffic, so that I see your pass-phrase going across the 'net in the
> clear?
>
> Probably better to use stunnel on the server side, and open-ssl's
> "sclient" feature (or ssl-telnet) on the client side, so that your
> pass-phrase for starting/stopping SSL is at least protected a little.
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list