[Gllug] SFTP Server

Simon A. Boggis simon at dcs.qmul.ac.uk
Mon Apr 14 02:24:18 UTC 2003


On Wed, 2003-04-09 at 13:21, Tethys wrote:
> 
> Doug Winter writes:
> 
> >Personally I'd say that this doesn't increase security by much in the
> >real world.  Yes, someone could be sniffing your network, but in reality
> >they aren't.  Although it's a plausible risk, it's not a high one.
> 
> Agreed. It's much less of an issue in today's world of switched networks
> than it was back when ssh was written (when almost everyone just used
> hubs).

It is worth pointing out that switched networks usually provide illusory
protection against a moderately determined sniffer.

A switched network does indeed prevent simple packet capture - so if
your would-be attackers aren't very good you might be alright. However,
with a little ARP manipulation using widespread tools you can capture
any data you wish from a switched network. Some of these tools are
available as part of Debian woody, for example.

Of course, using a switched network is still better than not
(performance aside) because you force your attackers into making an
active, and therefore in principle detectable, attack. The bad news is
that in practice most of us wouldn't notice (ever, or until far too
late!).

I would expect that you'd also have a fair chance at defeating OOB
management using VLANs by playing similar tricks with ARP, or by simply
attempting to get the switch to "fail open", but I don't have much VLAN
experience to back that up.

Another reason not to assume that you are safe from sniffing is the
recent Ethernet frame padding vulnerability which Linux was vulnerable
to. By sending small packets to a vulnerable machine you receive replies
where failure to pad out packets properly results in the reply
containing data from "other" packets. A remote attacker can use this to
"sniff" data passing through a router, or to get passwords from a
machine running pop, imap, telnet, etc.

Simon

-- 
----------------------------------------------------------------------
Dr Simon A. Boggis                                  Systems Programmer
Department of Computer Science,                     Tel. 020 7882 7522
Queen Mary, University of London, London E1 4NS UK. 
---- GPG public key <http://www.dcs.qmul.ac.uk/~simon/#publickey> ----
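As an added illustration of the "active, and therefore in principle detectable" point above (example code added here, not from the original post or from any tool it mentions): a minimal passive detector that flags an IP address answering ARP from more than one MAC, which is what ARP cache poisoning on a switched LAN looks like on the wire. The ARP replies are constructed sample data, and the IP/MAC values are placeholders.

```python
"""Passive ARP-spoof detector over constructed sample ARP replies.

Added example, not code from the original post. The replies below are
constructed sample data (placeholder addresses), shaped like what a
sniffer such as tcpdump or arpwatch would report: (timestamp, sender_ip,
sender_mac) for each ARP reply seen on the segment.
"""
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac")

# Constructed sample traffic: 10.0.0.1 is the gateway.
# From ts=30 a second station starts answering for the gateway's IP.
SAMPLE_REPLIES = [
    ArpReply(0, "10.0.0.1", "00:11:22:33:44:01"),
    ArpReply(5, "10.0.0.7", "00:11:22:33:44:07"),
    ArpReply(10, "10.0.0.1", "00:11:22:33:44:01"),
    ArpReply(30, "10.0.0.1", "de:ad:be:ef:00:99"),  # poisoned reply
    ArpReply(31, "10.0.0.1", "00:11:22:33:44:01"),  # real gateway again
    ArpReply(32, "10.0.0.1", "de:ad:be:ef:00:99"),  # poisoned reply
]

def detect_arp_changes(replies):
    """Return (ts, ip, first_mac, new_mac) for every reply in which an IP
    answers from a MAC other than the one first seen for it."""
    first_seen = {}
    alerts = []
    for r in replies:
        known = first_seen.setdefault(r.sender_ip, r.sender_mac)
        if known.lower() != r.sender_mac.lower():
            alerts.append((r.ts, r.sender_ip, known, r.sender_mac))
    return alerts

def count_flaps(replies):
    """Count how often each IP's MAC changed between consecutive replies.
    A single change can be a legitimate NIC swap; repeated flapping is the
    signature of the real host and a poisoner both answering."""
    last, flaps = {}, {}
    for r in replies:
        prev = last.get(r.sender_ip)
        if prev is not None and prev.lower() != r.sender_mac.lower():
            flaps[r.sender_ip] = flaps.get(r.sender_ip, 0) + 1
        last[r.sender_ip] = r.sender_mac
    return flaps

if __name__ == "__main__":
    for ts, ip, old, new in detect_arp_changes(SAMPLE_REPLIES):
        print(f"t={ts}: {ip} answered from {new}, first seen as {old}")
    print(count_flaps(SAMPLE_REPLIES))
```

On a real segment the same logic is fed from a capture; arpwatch does essentially this and mails on every "flip flop".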


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug