My buddy and I have been playing with this on our BSD boxes and it's a "cool" little tool. It's made for purposes of good, but we know everyone won't. It does the monkey in the middle attack. As pointed out earlier, it does ARP poisoning in cases like this. Once you fire up ettercap you can tell it what you want to do. In this case you can choose the ssh sniffing. Ettercap will offer out a new key to the hosts. Normally the computer will complain (as noted in another email) and most users will say ok, let's accept the new key. When we played with it at school with our friends, they said something about the key changing but they all clicked ok to accept the new key. So the users are using ettercap's key, you accept the key from the server and you now act as a relay between the two. All info bound for the server goes through you.
So it's not as much of an insecurity in the connections, it's mostly a user issue. Watch your keys, especially when they change unexpectedly (school changes theirs every 6 months).

Hope this clears things up a little

Rob

On Tuesday 28 August 2001 11:12, Jan-Hendrik Palic wrote:
> Hi all...
>
> I have a small question.
>
> I found on SF a small tool, which may be sniffing SSH and HTTPS (not
> tested).
>
> The Url is :
>
> http://ettercap.sourceforge.net/
>
> Is it possible? Are SSH and HTTPS connections unsecure and how do we
> make it secure then?
>
> Greetings
> Jan
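
The "watch your keys" advice above, as an added example that is not part of the original post: a check that compares the host key a server offers against the one pinned in a known_hosts file and reports a change. It assumes the current OpenSSH known_hosts line format and ed25519 keys; the host name, address and both keys are constructed.

```python
import base64
import hashlib
import struct

def ed25519_blob(pub32):
    """SSH wire encoding of an ed25519 public key: string "ssh-ed25519", string key."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub32)) + pub32

def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map (host, keytype) -> key blob for plain (unhashed) known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue  # blank, comment, @marker or hashed-host line
        try:
            blob = base64.b64decode(fields[2], validate=True)
        except ValueError:
            continue  # third field is not a valid base64 key blob
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = blob
    return pinned

def check_host_key(pinned, host, keytype, offered):
    """Return (status, fingerprint of the offered key)."""
    known = pinned.get((host, keytype))
    if known is None:
        status = "UNKNOWN"   # first contact: verify the fingerprint out of band
    elif known == offered:
        status = "MATCH"
    else:
        status = "CHANGED"   # the warning the users in the post clicked through
    return status, fingerprint(offered)

# Constructed sample data: neither key belongs to a real host.
SERVER_KEY = ed25519_blob(bytes(range(32)))
RELAY_KEY = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "# constructed entry\nshell.example.edu,192.0.2.10 ssh-ed25519 %s\n" % (
    base64.b64encode(SERVER_KEY).decode())

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for key in (SERVER_KEY, RELAY_KEY):
        print(check_host_key(pinned, "shell.example.edu", "ssh-ed25519", key))
```

A CHANGED result is only explained by a planned rotation if the new fingerprint matches one the administrator published through a separate channel.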

