SUNWski

Higdon, David M - CNF Higdon.David at cnf.com
Wed Jul 26 00:34:46 EST 2000


It clearly shows that I have used the ssh command!
I am not using telnet. That is why I have such a 
concern.

It only shows this type of output from when I run 
the snoop command from a system that has ssh installed.

host1 -> host2    TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
host2 -> host1    TCP D=4404 S=22 Rst Ack=3951258971 Win=0

 
-David  


-----Original Message-----
From: Ricardo Cerqueira [mailto:rmcc at novis.pt]
Sent: Tuesday, July 25, 2000 4:10 AM
To: openssh-unix-dev at mindrot.org
Subject: Re: SUNWski


On Tue, Jul 25, 2000 at 12:36:17PM +1000, Damien Miller wrote:
> On Mon, 24 Jul 2000, Higdon, David M - CNF wrote:
> 
> > 
> > By running the snoop utility that comes with the Solaris
> > OS.
> > 
> > Here is the output from running snoop
> > 
> > Snoop is running on a third system that does not have ssh
> > installed.
> > 
> > I am trying to ssh from machine A to machine B 
> 
> It looks like you have telnetted to machine A from hostname.xxx.com! 
> This traffic is going across your net in the clear.

Right. He's using Telnet, and not SSH.
snoop should show something like this:

host1 -> host2    TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
host2 -> host1    TCP D=4404 S=22 Rst Ack=3951258971 Win=0

RC

> 
> -d
> 
> > 
> > from machine C
> > 
> > # snoop machine A
> >     machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A     TELNET R port=38920 s
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A     TELNET R port=38920 s
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 h
> > hostname.xxx.com -> machine A     TELNET R port=38920 h
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 2
> > hostname.xxx.com -> machine A     TELNET R port=38920 2
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920  
> > hostname.xxx.com -> machine A     TELNET R port=38920  
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 m
> > hostname.xxx.com -> machine A     TELNET R port=38920 m
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 a
> > hostname.xxx.com -> machine A     TELNET R port=38920 a
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 c
> > hostname.xxx.com -> machine A     TELNET R port=38920 c
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 h
> > hostname.xxx.com -> machine A     TELNET R port=38920 h
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 i
> > hostname.xxx.com -> machine A     TELNET R port=38920 i
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 n
> > hostname.xxx.com -> machine A     TELNET R port=38920 n
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 e
> > hostname.xxx.com -> machine A     TELNET R port=38920 e
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 B
> > hostname.xxx.com -> machine A     TELNET R port=38920 B
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > hostname.xxx.com -> machine A     TELNET R port=38920 Passphrase for key "
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 m
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 o
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 n
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 g
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 0
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 0
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 s
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 e
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > hostname.xxx.com -> machine A     TELNET R port=38920 
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > hostname.xxx.com -> machine A     TELNET R port=38920 Authentication succe
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > hostname.xxx.com -> machine A     TELNET R port=38920 Last login: Tue Jul
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > hostname.xxx.com -> machine A     TELNET R port=38920 Sun Microsystems Inc
> >     machine A -> hostname.xxx.com TELNET C port=38920 
> > 
> > 
> > -David 
> > 
> > -----Original Message-----
> > From: Damien Miller [mailto:djm at mindrot.org]
> > Sent: Monday, July 24, 2000 4:47 PM
> > To: Higdon.David at cnf.com
> > Cc: 'Markus Friedl'; 'Brian Friday'; 'openssh-unix-dev at mindrot.org';
> > openssh at openssh.com
> > Subject: RE: SUNWski
> > 
> > 
> > On Mon, 23 Jul 2000, Higdon, David M - CNF wrote:
> > 
> > How do you see the login and password in the clear? Can you send a log
> > of such an event?
> > 
> > > 
> > > solaris 2.8
> > > openssh 2.1.1p4 
> > > openssl 0.0.5a
> > > zlib 1.1.3
> > > SUNWski
> > >  
> > > 
> > > - David 
> > > 
> > > 
> > > 
> > > -----Original Message-----
> > > From: Markus Friedl [mailto:markus.friedl at informatik.uni-erlangen.de]
> > > Sent: Sunday, July 23, 2000 7:10 AM
> > > To: Higdon, David M - CNF
> > > Cc: 'Brian Friday'; 'openssh-unix-dev at mindrot.org';
> > > openssh at openssh.com
> > > Subject: Re: SUNWski
> > > 
> > > 
> > > On Thu, Jul 20, 2000 at 02:43:30PM -0700, Higdon, David M - CNF wrote:
> > > > What happens when you run snoop on the system
> > > > that you ssh from? Can you see your input in 
> > > > clear text? Because I can!
> > > 
> > > could you please show me? what versions of ssh are you using?
> > > 
> > > 
> > 
> > 
> 
> -- 
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
> 
> 
> 
> 

-- 
+-------------------
| Ricardo Cerqueira  
| PGP Key fingerprint  -  B7 05 13 CE 48 0A BF 1E  87 21 83 DB 28 DE 03 42 
| Novis  -  Engenharia ISP / Rede Técnica 
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 3166700 (24h/dia) - Fax: +351 21 3166701
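
Added example, not part of the original thread: a small Python check over snoop summary lines in the two formats quoted above, reporting which host pairs carry a cleartext TELNET session and whether a port-22 connection attempt was answered with a reset. The function name `audit`, the status labels and the selection of sample lines are assumptions made for illustration.

```python
import re

LINE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+?)\s+(?P<proto>TELNET|TCP)\s+(?P<rest>.*)$")
TELNET = re.compile(r"^(?P<dir>[CR]) port=\d+ ?(?P<data>.*)$")
TCP = re.compile(r"^D=(?P<dport>\d+) S=(?P<sport>\d+) (?P<flag>\w+)")

# Lines in the snoop summary format quoted in this thread; the selection is constructed.
SAMPLE = """\
machine A -> hostname.xxx.com TELNET C port=38920 s
hostname.xxx.com -> machine A     TELNET R port=38920 s
machine A -> hostname.xxx.com TELNET C port=38920
hostname.xxx.com -> machine A     TELNET R port=38920 Passphrase for key "
machine A -> hostname.xxx.com TELNET C port=38920 m
host1 -> host2    TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
host2 -> host1    TCP D=4404 S=22 Rst Ack=3951258971 Win=0
"""

def audit(capture):
    """Map (client, server, service) -> [status, client characters seen in clear]."""
    flows = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.lstrip("> \t"))  # tolerate mail quote prefixes
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        if m["proto"] == "TELNET":
            t = TELNET.match(m["rest"])
            if not t:
                continue
            # "C" lines travel client -> server, "R" lines are the server's replies
            pair = (src, dst) if t["dir"] == "C" else (dst, src)
            entry = flows.setdefault(pair + ("telnet",), ["cleartext", 0])
            if t["dir"] == "C":
                entry[1] += len(t["data"])  # payload snoop could print verbatim
        else:
            t = TCP.match(m["rest"])
            if not t:
                continue
            if t["sport"] == "22" and t["flag"] == "Rst":
                # a Syn answered by Rst from port 22: nothing accepted the connection
                flows[(dst, src, "ssh")] = ["refused", 0]
            elif t["dport"] == "22":
                flows.setdefault((src, dst, "ssh"), ["attempted", 0])
    return flows

if __name__ == "__main__":
    for (client, server, svc), (status, chars) in audit(SAMPLE).items():
        print(f"{client} -> {server} [{svc}] {status}, {chars} client chars visible")
```
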




