Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
ettercap can decrypt SSH1, which is a very good reason to never enable SSH1 on your boxen.
arpwatch is a great tool for detecting active ARP poisoning attacks on your network (and possibly your external network, say to keep your ISP's router IP from being faked (although that can cause problems if your ISP uses IP-failover technology)).
Well, could arpwatch be run on the same host that ettercap is run on?
Then everyone who is plugged into an untrusted network should run arpwatch to check whether the network is currently safe before starting sessions such as unsafe ftp connections.
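A minimal arpwatch-style change detector, added here as an example (it is not arpwatch's own code and not from any poster in this thread): it parses constructed snapshots in `ip -4 neigh show` format and reports the new-station, changed-address and flip-flop events that arpwatch logs, which is the kind of check the posts above describe for spotting ARP poisoning. Every address and sample line below is made up.

```python
# Added example, not arpwatch itself: an arpwatch-style detector over constructed
# snapshots of `ip -4 neigh show` output. All addresses below are made up.
import re
from typing import Dict, List, Tuple

# Constructed sample snapshots (the gateway IP changes MAC and then flips back).
SNAPSHOTS = [
    "192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE\n"
    "192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE",
    "192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE\n"
    "192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE\n"
    "192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:02 REACHABLE",
    "192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE\n"
    "192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE",
]

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})", re.I)

def parse_neigh(text: str) -> Dict[str, str]:
    """Map IP -> MAC; entries without an lladdr (e.g. FAILED) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

class ArpTracker:
    """Keeps the last IP -> MAC binding seen and emits arpwatch-like events."""
    def __init__(self) -> None:
        self.current: Dict[str, str] = {}
        self.previous: Dict[str, str] = {}  # MAC an IP had before its last change

    def observe(self, table: Dict[str, str]) -> List[Tuple[str, str, str]]:
        events = []
        for ip, mac in table.items():
            old = self.current.get(ip)
            if old is None:
                events.append(("new station", ip, mac))
            elif old != mac:
                # returning to the MAC seen before the last change is a "flip flop"
                kind = "flip flop" if self.previous.get(ip) == mac else "changed ethernet address"
                events.append((kind, ip, f"{old} -> {mac}"))
                self.previous[ip] = old
            self.current[ip] = mac
        return events

def run(snapshots=SNAPSHOTS) -> List[List[Tuple[str, str, str]]]:
    tracker = ArpTracker()
    return [tracker.observe(parse_neigh(s)) for s in snapshots]
```

A gateway IP that suddenly changes MAC, or alternates between two MACs, is the signature arpwatch raises for the poisoning the posts describe; on a real host the snapshots would come from periodic `ip -4 neigh show` runs.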
The title of your original question mentioned 'man in the middle' attacks. This is different from sniffing. Suppose that you are going to connect to your work computer from home. Suppose that you decide to use ssh2 to be secure. You haven't done this before, so you don't have the public key in the ./ssh directory.
What you don't know is that a hacker has been able to supply his IP address to your home computer, pretending to be your work computer. Now the initial connection is made with the hacker, who then supplies the identical information to the work computer, setting up his own ssh2 connection. Now the hacker is able to tap into your traffic, which is unencrypted.
It would have been best if you had manually added your home computer's public key to the work computer.