 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
I would not want to say that anything is completely safe, but I would expect that ssh is among the least likely services to be compromised in this way. Once the channel is opened, all of the data is handled using a cryptographic exchange that would guarantee authentication. Even if the circuit could be intercepted, ssh would not allow a third party to conduct a man-in-the-middle attack. Also, ssh has some protection against an attack being conducted during the negotiation of the inital exchange, if the hosts have ever exchanged keys before. -- Mike On 2000-05-15 at 09:43 -0400, Christoph Doerbeck A242369 wrote: > Perhaps someone else can elaborate even further on this, but I've been reading > up on "port hijacking". Apparently, after a TCP connection completes, the > port remains open for a timeout-period during which, an intruder can exploit > various attacks to gain access or execute DOS (Denial of Service). > > At any rate, to my understanding one of the DNS exploits is based on this. > > I would think that making your gloabal timeouts larger is counter productive > and it might be wiser to shorten the SSH keep-alive heartbeats... > > Comments? Or am I completely off base... - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
