[Sussex] unauthorised ssh attempts
John Crowhurst
fyremoon at fyremoon.net
Fri Aug 20 17:36:10 UTC 2004
> Karl
>
> Thanks for your info.
>
>>
>> Don't leave VNC open - that is an insecure protocol. Tunnel it over ssh
>> instead.
>>
>
> Am I right in thinking that the insecurity that you refer to is someone
> between A and B using a packet capture and then reverse engineering the
> screen refreshes?
Not just the screen refreshes, but as the password is sent cleartext
between the two machines, the password can simply be caught with the
packet capture.
> If so, how much of a risk is this really? It sounds like quite a bit of
> trouble to me - someone inside an ISP specifically targeting my packets;
> it doesn't sound that easy to do, the sort of thing that would only be
> directed at "high value" targets.
Take a session with an NT/200X server for example, press Ctrl-Alt-Del and
type in the password for administrator. All the keystrokes being recorded
by the hacker are played back, and your NT/200X server is compromised.
The same goes with rlogin, rsh, rexec, ftp and telnet.
--
John
More information about the Sussex
mailing list