password authenticaton secure ?

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Thu Mar 8 11:41:26 EST 2001


On Wed, Mar 07, 2001 at 11:41:40AM -0800, Sunil K. Vallamkonda wrote:
> 
> My question is regarding the possibility of someone wiretapping the
> communication and repeat the action. What if an intruder notice that there's
> a secure session starting (by guessing at the dst IP address and
> unintelligible payload) and then start capturing all the packets on this
> session for the purpose of repeating the whole session again? The secure
> user could add/delete interfaces and stuff, therefore just by repeating this
> operation the intruder could generate a big problem on the network.
> 
> This could be prevented only by having a timestamp. 

no, you are wrong.

the session id is unique to each ssh connection, so you
cannot replay the data.





More information about the openssh-unix-dev mailing list