Nmap Development mailing list archives
Re: What would we want in a new Netcat/Hping?
From: Chuck <chuck.lists () gmail com>
Date: Wed, 15 Jun 2005 17:36:32 -0400
- Support for requiring a password to connect to the NetCat2 listener.I don't think a clear text password is acceptable, even for this sort of application. I added a requirement that authentication and encryption of the channel be supported as an option. Maybe this can be done securely and easily with OpenSSL.
I agree. Cleartext passwords are unacceptable, but there are other ways to implement passwords and there are times when you want to secure your netcat listener, but don't want to deal with SSL certificates. You could implement it as simple as: - server sends random value to client - client sends hash of random value + password - server compares hashes I just made that up, so there may be flaws in it (it is definitely vulnerable to a MITM attack, but should be safe from sniffing). There are probably a bunch of established algorithms that we could choose from, but something like this may be good enough because if you want real security (from things like MITM) you will probably need to use SSL mutual authentication (or something equally as complicated) anyway. You would also want to be able to use a password along with one of the SSL dh_anon modes to protect the whole session from sniffing. Have a good one. Chuck _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Re: What would we want in a new Netcat/Hping?, (continued)
- Re: What would we want in a new Netcat/Hping? Andreia Gaita (Jun 15)
- Re: What would we want in a new Netcat/Hping? Fyodor (Jun 15)
- Re: What would we want in a new Netcat/Hping? Andreia Gaita (Jun 15)
- Re: What would we want in a new Netcat/Hping? Leon (Jun 15)
- Message not available
- Re: What would we want in a new Netcat/Hping? Leon (Jun 15)
- Re: What would we want in a new Netcat/Hping? Simon Spencer (Jun 16)
- Re: What would we want in a new Netcat/Hping? Andreia Gaita (Jun 16)
- Re: What would we want in a new Netcat/Hping? Simon Spencer (Jun 16)
- Re: What would we want in a new Netcat/Hping? Fyodor (Jun 15)
- Re: What would we want in a new Netcat/Hping? Chuck (Jun 15)