On 5/7/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
> An attacker sets up a system with two wireless NICs: one associated to
> my network and another configured as an access point pretending to be
> an access point for my network. He runs a DHCP server on the AP
> interface and NATs traffic to my network. (I can imagine a
> sufficiently clever bridge setup that would be even harder to detect,
> but I don't know for certain if it could work.)
SSH makes provisions for detection/prevention of MITM attacks by
cryptographically verifying host identities. Assuming you use SSHv2
and the client verifies the fingerprint of the server's public key is
accurate, identity of the destination system can be assured.
1. where do you get the fingerprint for the first connection?
2. that's not the problem described. how does ssh know that its
connection is being NATed?
