Security Basics mailing list archives
Re: Suddenly faced with password prompt while ssh'ing; two ip's assigned to adsl ppp0 iface?!?
From: John Doe <security.department () tele2 ch>
Date: Sat, 17 Dec 2005 17:13:15 +0100
From: PCSC Information Services

Sounds like the MO for a MITM (man in the middle) attack... if someone has sniffed your work... they could be spoofing the remote IP as a method to get any login information you have... you might try to contact your ISP and report the IP in question, they should be able to find out who had this IP at the time of your problem... tell them that you are interested in pursuing legal action in regard to this potential security breach and they will no doubt perform the work faster than if there were no threats... good luck.

S.
Thanks a lot for your answer, S.

I considered the MITM attack possibility, but I came to the (well, maybe inappropriate) conclusion that it's very improbable, because of some (well, maybe inappropriate) reasons:

* I often change the IP (by stopping adsl-conn, waiting, restarting - and not going online generally if not necessary).
* I'm not a valuable target.
* I guess it's rather improbable that anybody is sniffing a bunch of connections / the provider IP pool (I think...). The phenomenon appeared with different IP addresses.
* The phenomenon appeared at the time when reverse DNS lookup failed on the connection IPs (although I can't see a connection with this).
* ssh tried only the root private key and not, as it should, the one of the nonpriv user used to log in remotely.
* Main reason against that: It depended on the shell instance (phenomenon in one shell, but no others; phenomenon disappeared after exit and re-su'ing). AFAIK it's not possible to know the shell instance used from outside. For that, my box would have to be compromised.

Any other ideas out there?