 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Mike Bilow wrote: > I would not want to say that anything is completely safe, but I would > expect that ssh is among the least likely services to be compromised in > this way. Once the channel is opened, all of the data is handled using a > cryptographic exchange that would guarantee authentication. Even if the > circuit could be intercepted, ssh would not allow a third party to conduct > a man-in-the-middle attack. Also, ssh has some protection against an > attack being conducted during the negotiation of the inital exchange, if > the hosts have ever exchanged keys before. > I would agree that SSH is designed and engineered to be "safe", but my original point was that by changing the firewall's IPCHAIN timeouts, you are setting global values, not just those for SSH. This could make other port services masquaraded on the FW more vulnerable (T/F)? - Christoph - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
