Hmm, so we replace ssh, which is a protocol offering cryptographically
protected access (so authentication, encryption, anti-replay, etc.)
and whose major implementation (openssh) has had its code audited,
with an unsecured daemon that, on top of that, probably offers no authentication
of the client (since the scenario says 'from a friend's machine')
nor of the server...
nice attack:
- sniff a passwd:
-
for($i = 0; $i < 65535; $i++) {openport($i)}
sub openport {$lwp->connect($craftedURL.shift())}
On Sat, Oct 26, 2002 at 06:54:33PM +0000, NDV wrote:
> Good evening,
>
> I can't help posting this link:
>
> www.wildspark.com/asher/ipshutter/
>
> IPShutter lets you firewall off ports such as ssh, and selectively enable
> access with a one-time password. For example, if you want to log into the
> server from a friend's house, you pull out a list of one-time passwords
> and point the web browser at a URL that contains one password. That tells
> the server to allow ssh connections from your friend's IP address for five
> minutes. Connections made in that period will stay up indefinitely
>
> Magnificent :-)
>
> Nicolas
>
>
>
>
> _______________________________________________________
> Linux Mailing List - http://www.unixtech.be
> Subscribe/Unsubscribe: http://www.unixtech.be/mailman/listinfo/linux
> Archives: http://www.mail-archive.com/linux@;lists.unixtech.be
> IRC: efnet.skynet.be:6667 - #unixtech
--
-> Jean-Francois Dive
--> [EMAIL PROTECTED]
There is no such thing as randomness. Only order of infinite
complexity. - _The Holographic Universe_, Michael Talbot
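
Added example, not part of either message and not IPShutter's code: a sketch of the server-side checks that decide whether a sniffed password from the URL can be reused, following the mechanism in the quoted description. The class KnockGate, its method names, the fixed port and the sample passwords and addresses are all hypothetical.

```python
import hashlib
import hmac

WINDOW_SECONDS = 300   # the "five minutes" from the quoted description
ALLOWED_PORT = 22      # assumption: fixed on the server, never taken from the URL


class KnockGate:
    """Hypothetical one-time-password gate (not IPShutter's implementation)."""

    def __init__(self, passwords):
        # Keep only digests of the passwords that have not been used yet.
        self._unused = {self._digest(p) for p in passwords}
        self._open = {}  # (source ip, port) -> expiry timestamp

    @staticmethod
    def _digest(password):
        return hashlib.sha256(password.encode()).hexdigest()

    def knock(self, src_ip, password, now, requested_port=None):
        """Handle one URL request; return True if a window was opened."""
        if requested_port is not None and requested_port != ALLOWED_PORT:
            return False  # a client-chosen port is refused outright
        candidate = self._digest(password)
        match = None
        for stored in self._unused:
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False  # unknown or already used password
        self._unused.discard(match)  # consumed: a sniffed copy cannot be replayed
        self._open[(src_ip, ALLOWED_PORT)] = now + WINDOW_SECONDS
        return True

    def is_allowed(self, src_ip, port, now):
        """Would a new connection from src_ip to port be accepted at time now?"""
        expiry = self._open.get((src_ip, port))
        return expiry is not None and now < expiry
```

This covers reuse of a captured password and client-chosen ports only; the request itself is still unauthenticated and unencrypted, as the reply points out.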