IPChains question (SOLVED)

Christoph Doerbeck A242369 cdoerbec at cso.fmr.com
Mon May 15 12:11:59 EDT 2000


Mike Bilow wrote:
> I would not want to say that anything is completely safe, but I would
> expect that ssh is among the least likely services to be compromised in
> this way.  Once the channel is opened, all of the data is handled using a
> cryptographic exchange that would guarantee authentication.  Even if the
> circuit could be intercepted, ssh would not allow a third party to conduct
> a man-in-the-middle attack.  Also, ssh has some protection against an
> attack being conducted during the negotiation of the initial exchange, if
> the hosts have ever exchanged keys before.
> 

I would agree that SSH is designed and engineered to be "safe", but my
original point was that by changing the firewall's IPCHAIN timeouts, you
are setting global values, not just those for SSH.  This could make
other port services masqueraded on the FW more vulnerable (T/F)?

- Christoph

