Vulnerability Development mailing list archives
Re: Steady increase in ssh scans
From: Thomas Themel <thomas.themel () cpointc com>
Date: Tue, 12 Feb 2002 11:08:24 +0100
Hi, Adam Manock (abmanock () earthlink net) wrote:
The encrypted activities of a hypothetical SSH worm could be logged using a honeypot and a network sniffing logger, one that just so happens to have the honeypot's private SSH key. SSHmitm of the dsniff toolkit might provide
Actually, in case of a worm the simplest solution might be to keep an strace of the sshd running, it is quite trivial to restore the unencrypted session contents from there. A worm is unlikely to find out/care that it is being traced. ciao, -- Thomas Themel | CenterPoint Connective Software Engineering GmbH Hauptplatz 8/4 | System Administrator / Software Developer 9500 Villach | <http://www.cpointc.com/> +43 676 846623-13| work thomas.themel () cpointc com play thomas () themel com
Attachment:
_bin
Description:
Current thread:
- Re: Steady increase in ssh scans Thomas Themel (Feb 12)
- Re: Steady increase in ssh scans KF (Feb 12)