SUNWski
Ricardo Cerqueira
rmcc at novis.pt
Tue Jul 25 21:10:16 EST 2000
On Tue, Jul 25, 2000 at 12:36:17PM +1000, Damien Miller wrote:
> On Mon, 24 Jul 2000, Higdon, David M - CNF wrote:
>
> >
> > By running the snoop utility that comes with the Solaris
> > OS.
> >
> > Here is the output from running snoop
> >
> > Snoop is running on a third system that does not have ssh
> > installed.
> >
> > I am trying to ssh from machine A to machine B
>
> It looks like you have telnetted to machine A from hostname.xxx.com!
> This traffic is going across your net in the clear.

Right. He's using Telnet, and not SSH.

snoop should show something like this:

host1 -> host2 TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
host2 -> host1 TCP D=4404 S=22 Rst Ack=3951258971 Win=0

RC

>
> -d
>
> >
> > from machine C
> >
> > # snoop machine A
> > machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A TELNET R port=38920 s
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A TELNET R port=38920 s
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 h
> > hostname.xxx.com -> machine A TELNET R port=38920 h
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 2
> > hostname.xxx.com -> machine A TELNET R port=38920 2
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 m
> > hostname.xxx.com -> machine A TELNET R port=38920 m
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 a
> > hostname.xxx.com -> machine A TELNET R port=38920 a
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 c
> > hostname.xxx.com -> machine A TELNET R port=38920 c
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 h
> > hostname.xxx.com -> machine A TELNET R port=38920 h
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 i
> > hostname.xxx.com -> machine A TELNET R port=38920 i
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 n
> > hostname.xxx.com -> machine A TELNET R port=38920 n
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 e
> > hostname.xxx.com -> machine A TELNET R port=38920 e
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 B
> > hostname.xxx.com -> machine A TELNET R port=38920 B
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920 Passphrase for key "
> > machine A -> hostname.xxx.com TELNET C port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 m
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 o
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 n
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 g
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 0
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 0
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920 e
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920 Authentication succe
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920 Last login: Tue Jul
> > machine A -> hostname.xxx.com TELNET C port=38920
> > hostname.xxx.com -> machine A TELNET R port=38920 Sun Microsystems Inc
> > machine A -> hostname.xxx.com TELNET C port=38920
> >
> >
> > -David
> >
> > -----Original Message-----
> > From: Damien Miller [mailto:djm at mindrot.org]
> > Sent: Monday, July 24, 2000 4:47 PM
> > To: Higdon.David at cnf.com
> > Cc: 'Markus Friedl'; 'Brian Friday'; 'openssh-unix-dev at mindrot.org';
> > openssh at openssh.com
> > Subject: RE: SUNWski
> >
> >
> > On Mon, 23 Jul 2000, Higdon, David M - CNF wrote:
> >
> > How do you see the login and password in the clear? Can you send a log
> > of such an event?
> >
> > >
> > > solaris 2.8
> > > openssh 2.1.1p4
> > > openssl 0.0.5a
> > > zlib 1.1.3
> > > SUNWski
> > >
> > >
> > > - David
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Markus Friedl [mailto:markus.friedl at informatik.uni-erlangen.de]
> > > Sent: Sunday, July 23, 2000 7:10 AM
> > > To: Higdon, David M - CNF
> > > Cc: 'Brian Friday'; 'openssh-unix-dev at mindrot.org'; openssh at openssh.com
> > > Subject: Re: SUNWski
> > >
> > >
> > > On Thu, Jul 20, 2000 at 02:43:30PM -0700, Higdon, David M - CNF wrote:
> > > > What happens when you run snoop on the system
> > > > that you ssh from? Can you see your input in
> > > > clear text? Because I can!
> > >
> > > could you please show me? what versions of ssh are you using?
> > >
> > >
> >
> >
>
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
>
>
>
>
--
+-------------------
| Ricardo Cerqueira
| PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42
| Novis - Engenharia ISP / Rede Técnica
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 3166700 (24h/dia) - Fax: +351 21 3166701
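
An added example, not part of the original thread: a Python triage of snoop summary lines in the two formats quoted above, separating sessions that snoop decodes as TELNET (payload readable on the wire) from TCP traffic to port 22. The sample lines are constructed from the thread's formats, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, using the two snoop summary formats quoted in the thread.
SAMPLE = """\
> > machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A TELNET R port=38920 s
> > machine A -> hostname.xxx.com TELNET C port=38920
host1 -> host2 TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
host2 -> host1 TCP D=4404 S=22 Rst Ack=3951258971 Win=0
"""

# Optional mail-quote markers, then "src -> dst PROTO rest"; host names may contain spaces.
LINE = re.compile(r"^(?:>\s*)*(.+?) -> (.+?) (TELNET|TCP) (.*)$")

def parse(line):
    """Return (src, dst, service, payload, flag) or None if not a known summary line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, dst, proto, rest = m.groups()
    if proto == "TELNET":
        t = re.match(r"[CR] port=\d+ ?(.*)$", rest)
        return (src, dst, "telnet", t.group(1), "") if t else None
    t = re.match(r"D=(\d+) S=(\d+) (\w+)", rest)
    if not t:
        return None
    ports = {int(t.group(1)), int(t.group(2))}
    service = "ssh" if 22 in ports else "telnet" if 23 in ports else "other"
    return src, dst, service, "", t.group(3)

def summarize(text):
    """Group lines per host pair and service; count packets whose payload snoop printed."""
    flows = defaultdict(lambda: {"packets": 0, "readable": 0, "reset": False})
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, service, payload, flag = rec
        flow = flows[tuple(sorted((src, dst))) + (service,)]
        flow["packets"] += 1
        flow["readable"] += bool(payload)
        flow["reset"] |= flag == "Rst"
    return dict(flows)

def cleartext_flows(text):
    """Flows that carried readable data over telnet, i.e. not protected by ssh."""
    return sorted(k for k, v in summarize(text).items()
                  if k[2] == "telnet" and v["readable"] > 0)
```

A capture whose only flagged flow is the telnet hop into the machine where ssh is run matches the diagnosis in this thread: the readable text belongs to the telnet session, not to the ssh connection.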