Alright, Cliff.
I will think about some sniffer tests and
see how it goes.
Or, I will look for a hacker to do that.
Thank you.
-Umesh.
-----Original Message-----
From: Cliff Friedel [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 03, 2000 11:42 AM
To: Umesh Mallugari
Cc: '[EMAIL PROTECTED]'
Subject: RE: Robustness of SSHd....
Unfortunately I am not sure if there is anything out there that performs
the type of tests you are looking for (at least for sshd). I would think
you could write a program that would take a better look at the packet
information that the other side sends to make sure it hadn't been
hijacked (ie: tcp sequence information, packet header info, etc.). You
could also do some kind of ARP/RARP test to make sure you
are getting only the MAC/IP combo you were looking for (of course this
would not work on dial-up connections as they don't have MACS). The last
idea may also not work if they are using passive listener (ie: A
promiscuous ethernet device with the TX line cut). Traceroute info could
also be useful to make sure the info was going through all the hops it
should. A nice idea (although possibly impractical) would be frequent key
changes through a source other than the connection [sneakernet exchanges
or FEDEX]. This would make it more difficult to brute force the keys.
So the short answer, I am not sure if they do make testing tools
to determine the strength of the tunnel. I do think though that integrity
testing could be done with a lot of tools on hand to make sure you are
really getting the person you think you are. Hope this helps =).
Cliff
> Cliff,
>
> I agree with you on basic testing i.e., for encryption.
> But, what about testing for 'breach' and things like
> that?
>
> Thank you.
>
> -Umesh.
>
> -----Original Message-----
> From: Cliff Friedel [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 26, 2000 5:04 PM
> To: Umesh Mallugari
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Robustness of SSHd....
>
>
> If you are looking for an extremely basic test, you could watch your
> packets with tcpdump and see how randomized the data is that leaves or
> enters your interface (as unencrypted traffic tends to have patterns
> associated with it. IE: a telnet sessions data has a characteristic
> pattern you can see by viewing the packet.).
>
> You could also intercept packets with a known statement in them and see if
> you could read the statement using a sniffer. If you can, the info is not
> encrypted.
>
> Just some basic ideas. Please let me know if this helps.
>
> Cliff
>
> On Thu, 2 Mar 2000, Umesh Mallugari wrote:
>
> > Hi folks,
> >
> > Could you tell me how to test the
> > security robustness of a SSH server?
> > Are there any tools available out there?
> >
> > Thank you.
> >
> > -Umesh.
> >
>
