Re: Some kind of dictionary type attack?

Re: Some kind of dictionary type attack?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Re: Some kind of dictionary type attack? Ari 01-09-2008
Posted by Ari on January 9, 2008, 6:22 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On 07 Jan 2008 10:27:33 +0000 (GMT), Simon Tatham wrote:

> (And I know routers _can_ be subverted; the router next to a machine
> I use was once cracked and had an SSH MITM installed on it. I was
> quite surprised; I had no idea anyone was _actually_ doing MITM
> attacks on SSH. I'd assumed it was just a theoretical threat that
> _would_ have been tried if the designers hadn't built in protection.
> Of course I was immediately clued in by the changed host keys, not
> to mentioned the forcible SSH-2->SSH-1 protocol downgrade and the
> several-second delays on all TCP packets. We think the latter was
> because the router wasn't doing the hard work itself, but was
> forwarding all the network traffic to some other beefier machine for
> rewriting.)

No disagreement with any of the above. Why were you surprised with MITM on
SSH?

Posted by Simon Tatham on January 9, 2008, 9:32 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Why were you surprised with MITM on SSH?

Well, because it seemed like such a silly thing to be trying, given
that SSH specifically includes a defence against it!

With hindsight, yes, of course there's a decent chance that some
people will thoughtlessly answer `yes' to the changed host key
warning and then type their passwords through the resulting
connection. If it were me, though, I don't think that possibility
would justify going to the considerable effort of writing the
implementation.

What I really hadn't anticipated was that someone would write a
prepackaged SSH MITM implementation as proof of concept and without
malicious intent, meaning that suddenly it's actually very _little_
effort for a cracker to install an opportunistic MITM, so they might
as well try it and there's not much lost if it doesn't catch anyone.
(Which appears to be what happened: the MITMed connections in my
case returned a version string saying "SSH-1.51", and as far as I
can tell that's a protocol version number only used by Ettercap.)
--
Simon Tatham "I'm going to pull his head off. Ear by ear."

Posted by on January 9, 2008, 10:29 am
If you were  Registered and logged in, you could reply and use other advanced thread options
>> Why were you surprised with MITM on SSH?
>
>Well, because it seemed like such a silly thing to be trying, given
>that SSH specifically includes a defence against it!
>
>With hindsight, yes, of course there's a decent chance that some
>people will thoughtlessly answer `yes' to the changed host key
>warning and then type their passwords through the resulting
>connection. If it were me, though, I don't think that possibility
>would justify going to the considerable effort of writing the
>implementation.
>
>What I really hadn't anticipated was that someone would write a
>prepackaged SSH MITM implementation as proof of concept and without
>malicious intent, meaning that suddenly it's actually very _little_
>effort for a cracker to install an opportunistic MITM, so they might
>as well try it and there's not much lost if it doesn't catch anyone.
>(Which appears to be what happened: the MITMed connections in my
>case returned a version string saying "SSH-1.51", and as far as I
>can tell that's a protocol version number only used by Ettercap.)

dsniff has included a tool for MITM SSH attacks since 17th December 2000
see
http://www.oreillynet.com/pub/a/oreilly/networking/news/silverman_1200.htm

and as mentioned in the article there was quite a lot of somewhat hysterical
publicity when it was released eg

Kurt Seifried's "The End of SSH and SSL ?" article.

David Webb
Security team leader
CCSS
Middlesex University

>--
>Simon Tatham "I'm going to pull his head off. Ear by ear."

Posted by Cyberiade.it Anonymous Remaile on January 9, 2008, 11:23 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Simon Tatham wrote:

> > Why were you surprised with MITM on SSH?
>
> Well, because it seemed like such a silly thing to be trying, given
> that SSH specifically includes a defence against it!

Another reason I like Linux. Many/most distributions default to
StrictHostKeyChecking so they flatly do not not allow a connection to a
server whose keys have changed unless you manually open up your known
hosts file and delete the key.

>
> With hindsight, yes, of course there's a decent chance that some
> people will thoughtlessly answer `yes' to the changed host key
> warning and then type their passwords through the resulting
> connection. If it were me, though, I don't think that possibility
> would justify going to the considerable effort of writing the
> implementation.

Idiots do it all the time with SSL, what makes you think they're any
smarter because the protocol has changed?

Actually that's probably the case, as anyone with enough IQ points to
be able to use SSH would probably have to be a little more aware of
what's going on around them than the average idiot. PuTTY and it's
relatives tend to make users dumber, but they still require the ability
to read and follow simple instructions.

>
> What I really hadn't anticipated was that someone would write a
> prepackaged SSH MITM implementation as proof of concept and without
> malicious intent, meaning that suddenly it's actually very _little_
> effort for a cracker to install an opportunistic MITM, so they might

You'd be surprised at how many "proof of concept" implementations there
are out there. Not uncommon at all for anal retentive businesses to
have boundrary equipment on their networks which intercept and "MITM
attack" all sorts of encrypted data. SSL is quite common, and SSH isn't
unheard of. Typically they have their keys pre-installed on company
equipment so employees never have the opportunity to verify or reject
them. :(

> as well try it and there's not much lost if it doesn't catch anyone.
> (Which appears to be what happened: the MITMed connections in my
> case returned a version string saying "SSH-1.51", and as far as I
> can tell that's a protocol version number only used by Ettercap.)


Posted by Ari on January 9, 2008, 2:02 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On 09 Jan 2008 14:32:16 +0000 (GMT), Simon Tatham wrote:

>> Why were you surprised with MITM on SSH?
>
> Well, because it seemed like such a silly thing to be trying, given
> that SSH specifically includes a defence against it!
>
> With hindsight, yes, of course there's a decent chance that some
> people will thoughtlessly answer `yes' to the changed host key
> warning and then type their passwords through the resulting
> connection. If it were me, though, I don't think that possibility
> would justify going to the considerable effort of writing the
> implementation.
>
> What I really hadn't anticipated was that someone would write a
> prepackaged SSH MITM implementation as proof of concept and without
> malicious intent, meaning that suddenly it's actually very _little_
> effort for a cracker to install an opportunistic MITM, so they might
> as well try it and there's not much lost if it doesn't catch anyone.
> (Which appears to be what happened: the MITMed connections in my
> case returned a version string saying "SSH-1.51", and as far as I
> can tell that's a protocol version number only used by Ettercap.)

Thanks, I sorta misread your surprise as meaning that you were unsuspecting
of acts on inevitable failure. lol

Similar ThreadsPosted
Passphraselessly protecting dictionary relations May 10, 2007, 4:13 am
Sending CMS SignedData via http - which Content-Type?? March 22, 2005, 8:44 am
Re: Rebooting web server w/o having to type certificate passphrase? June 11, 2007, 2:58 am
Re: Rebooting web server w/o having to type certificate passphrase? June 15, 2007, 1:02 pm
Re: Rebooting web server w/o having to type certificate passphrase? June 24, 2007, 5:28 am
Rebooting web server w/o having to type certificate passphrase? June 11, 2007, 1:43 am
Password Dictionary File/ Each Entry is 2 or 3 Words Concatenated? May 1, 2007, 11:24 pm
ICMP Type 8 Echo Request packet security concerns October 11, 2005, 5:39 am
Web listings. Originators of spam type messages. Names. Addresses. May 14, 2006, 5:32 am
how can i tell if under attack? October 16, 2005, 10:57 pm

The site map in XML format XML site map

Contact Us | Privacy Policy