* Artem Koutchine <matrixipform.ru> [010105 12:12] wrote:
>
> > A final solution is simply to encrypt all sensitive traffic at the
> > application layer. Use SSL for http/pop3/etc. Use SSH for remote
> > access. Etc. Not perfect, but works.
>
> Nope, dsniff breaks SSL and SSH1.

What's wrong with using SSH2? You can use port forwarding over
remote localhost to do it:

     __ __
    / \ / \
   | \ / |
    \ \ / /
   _______\ /________
  | win95 |X-----[ssh]-----X| server |
   ------- --------

?

As long as your users are somewhat intellegent about being wary
of "sudden key changes" then they should be fine.

-- 
-Alfred Perlstein - [brightwintelcom.net|alfredfreebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]