|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Thomas Themel (thomas.themel
cpointc.com)Date: Tue Feb 12 2002 - 08:15:13 CST
Hi,
[Moderator: Sorry for mailing this to vuln-dev this morning...]
Adam Manock (abmanockearthlink.net) wrote:
> The encrypted activities of a hypothetical SSH worm could be logged using a
> honeypot and a network sniffing logger, one that just so happens to have
> the honeypot's private SSH key. SSHmitm of the dsniff toolkit might provide
Actually, in case of a worm the simplest solution might be to keep an
strace of the sshd running, it is quite trivial to restore the
unencrypted session contents from there. A worm is unlikely to find
out/care that it is being traced.
ciao,
-- Thomas Themel | CenterPoint Connective Software Engineering GmbH Hauptplatz 8/4 | System Administrator / Software Developer 9500 Villach | <http://www.cpointc.com/> +43 676 846623-13| work thomas.themel
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE8aSNxAz1OdjgqkwURAuo/AJ4/zDK4kF0U67A9rD+jMivPViI8SACfSOjP pe6ZEPtfKN3xk12H5PbnsXE= =mv9c -----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]