password authenticaton secure ?
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Thu Mar 8 11:41:26 EST 2001
On Wed, Mar 07, 2001 at 11:41:40AM -0800, Sunil K. Vallamkonda wrote:
>
> My question is regarding the possibility of someone wiretapping the
> communication and repeat the action. What if an intruder notice that there's
> a secure session starting (by guessing at the dst IP address and
> unintelligible payload) and then start capturing all the packets on this
> session for the purpose of repeating the whole session again? The secure
> user could add/delete interfaces and stuff, therefore just by repeating this
> operation the intruder could generate a big problem on the network.
>
> This could be prevented only by having a timestamp.
no, you are wrong.
the session id is unique to each ssh connection, so you
cannot replay the data.
More information about the openssh-unix-dev
mailing list