LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-28-2004, 05:54 AM   #16
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69

ettercap can decrypt SSH1, which is a very good reason to never enable SSH1 on your boxen.

arpwatch is a great tool for detecting active ARP poisoning attacks on your network (and possibly your external network, say to keep your ISP's router IP from being faked (although that can cause problems if your ISP uses IP-failover technology).
 
Old 03-28-2004, 06:16 AM   #17
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
Well, could the arpwatch be run by the same host that the ettercap is run?

Then, everyone that is plugged to an untrasted network should run arpwatch to check if his network is currently safe to start some sessions, unsafe ftp connections.

Is that a reasonable policy for self-security?
 
Old 03-29-2004, 02:03 PM   #18
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
The title of your original question mentioned 'man in the middle' attacks. This is different than sniffing. Suppose that you are going to connect to your work computer from home. Suppose that you decide to use ssh2 to be secure. You haven't done this before, so you don't have the public key in the ./ssh directory.
What you don't know is that a hacker has been able to supply his ip address to your home computer, pretending to be your work computer. Now the initial connection is made with the hacker, who then supplies the identical information to the work computer setting up his own ssh2 connection. Now the hacker is able to tap into your traffic which is non-encrypted.
It would have been best if you would have manually added your home computer's public key to the work computer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh man-in-the-middle naomi Linux - Security 2 05-19-2005 03:04 PM
man alsamixer not showing the man page nosaku Slackware 1 12-20-2004 09:52 AM
man in the middle attack atul_mehrotra Programming 12 09-22-2004 12:48 PM
man in the middle attack atul_mehrotra Linux - Security 4 09-22-2004 10:02 AM
Compiling packages on RH 7.1 causes man files to be named man.gz mmboam Linux - General 0 05-09-2001 07:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration