[Sussex] unauthorised ssh attempts

John Crowhurst fyremoon at fyremoon.net
Fri Aug 20 17:36:10 UTC 2004


> Karl
>
> Thanks for your info.
>
>>
>> Don't leave VNC open - that is an insecure protocol. Tunnel it over ssh
>> instead.
>>
>
> Am I right in thinking that the insecurity that you refer to is someone
> between A and B using a packet capture and then reverse engineering the
> screen refreshes?

Not just the screen refreshes, but as the password is sent cleartext
between the two machines, the password can simply be caught with the
packet capture.

> If so, how much of a risk is this really?  It sounds like quite a bit of
> trouble to me - someone inside an ISP specifically targeting my packets;
> it doesn't sound that easy to do, the sort of thing that would only be
> directed at "high value" targets.

Take a session with an NT/200X server for example, press Ctrl-Alt-Del and
type in the password for administrator. All the keystrokes being recorded
by the hacker are played back, and your NT/200X server is compromised.

The same goes with rlogin, rsh, rexec, ftp and telnet.

-- 
John
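
Added example, not part of the original message or any poster's code: a Python check that reads listening-socket output and flags VNC and the other services named in this thread (rlogin, rsh, rexec, ftp, telnet) when they are bound to a non-loopback address, which is the case the advice to tunnel over ssh is meant to eliminate. The `ss -tlnH` sample is constructed, and the VNC port range 5900-5909 is an assumption.

```python
import ipaddress

# Services named in the thread, by conventional TCP port.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 512: "rexec", 513: "rlogin", 514: "rsh"}
VNC_PORTS = range(5900, 5910)  # assumption: VNC displays :0 to :9

# Constructed sample of `ss -tlnH` output (not from the original post).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 5 [::1]:513 [::]:*
"""

def service_name(port):
    if port in VNC_PORTS:
        return "vnc"
    return CLEARTEXT_PORTS.get(port)

def is_loopback(host):
    host = host.strip("[]")
    if host == "*":
        return False  # wildcard bind: every interface
    host = host.split("%")[0]  # drop interface scope such as %eth0
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed

def exposed_cleartext(ss_output):
    """Return sorted (service, local_address) pairs reachable off-host."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        name = service_name(int(port))
        if name and not is_loopback(host):
            findings.add((name, fields[3]))
    return sorted(findings)

if __name__ == "__main__":
    for name, addr in exposed_cleartext(SAMPLE_SS_OUTPUT):
        print(f"{name:7s} on {addr}: bind to loopback and tunnel over ssh, or disable")
```

The VNC listener on 127.0.0.1:5901 and the rlogin listener on [::1] are not reported, since they are only reachable locally or through an ssh port forward.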



