IPChains question (SOLVED)

Mike Bilow mikebw at colossus.bilow.com
Mon May 15 10:36:25 EDT 2000


I would not want to say that anything is completely safe, but I would
expect that ssh is among the least likely services to be compromised in
this way.  Once the channel is opened, all of the data is handled using a
cryptographic exchange that would guarantee authentication.  Even if the
circuit could be intercepted, ssh would not allow a third party to conduct
a man-in-the-middle attack.  Also, ssh has some protection against an
attack being conducted during the negotiation of the inital exchange, if
the hosts have ever exchanged keys before.

-- Mike


On 2000-05-15 at 09:43 -0400, Christoph Doerbeck A242369 wrote:

> Perhaps someone else can elaborate even further on this, but I've been reading
> up on "port hijacking".  Apparently, after a TCP connection completes, the
> port remains open for a timeout-period during which, an intruder can exploit
> various attacks to gain access or execute DOS (Denial of Service).
> 
> At any rate, to my understanding one of the DNS exploits is based on this.
> 
> I would think that making your gloabal timeouts larger is counter productive
> and it might be wiser to shorten the SSH keep-alive heartbeats...
> 
> Comments?  Or am I completely off base...


-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list