On Wed, 6 Jun 2001, Michael Jinks wrote:
> might dsniff or one of its components fit well here?
dsniff's crypto sniffing attacks work by fooling the user into accepting
the key proposed by the sniffer as the intended server's key. this can
occur when you have user intervention allowing those connections.
ie dsniff's webmitm presents a forged SSL cert, signed by whomever you
want it to be signed by. sshmitm presents its own ssh server key to the
client. it then completes the transaction to the other side, sitting in
the middle and bridging traffic, but while its decrypted it can record it.
while you could, in theory, have a NIDS do this, its an active disruption
of the security process which can itself be undermined by an attacker.
never mind that for each session you'd have to have one of these mitm
attacks going on, too.
as such, it doesn't seem like a good idea to use dsniff's capabilities to
do this.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
