
Re: How Penetrable are SSH/SCP?

__/ [Leo Fellmann] on Monday 19 September 2005 22:33 \__

> Bodo Eggert wrote:
>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
>> 
>> 
>>>About twice a week, I mirror my hard-drive over the network as a means of
>>>backup. I use SCP for that purpose. Also, much of my work is done via
>>>SSH. To what extent is a highly proficient system admin able to scoop and
>>>analyse packets? To what extent can the type of the data be analysed? Can
>>>anybody point to a good source on the subject?
>> 
>> 
>> Your data will be assigned to both endpoints, and the shape of the
>> traffic will reveal the nature of the content.
> 
> Yes, well he _wants_ the data assigned to both endpoints or there'd
> hardly be much point in the whole exercise :)
> 
> I'm not sure what you mean when you say that traffic analysis could
> reveal the nature of the content? There were some such attacks but that
> was back in 2002 or so on ssh v1, notably concerning password lengths.
> Should not be a problem if you are using the latest version of OpenSSH
> or some such.
> 
>> The ident server may reveal the usernames on one or both systems.
> 
> That's what it's for :)
> If this is a problem it should be turned off, but it's not really an ssh
> problem.
> 
>> If you use SSH protocol version 1, a man in the middle attack is
>> possible.
> 
> Yup. 'Course, almost nobody uses it nowadays, or at least I hope.

Thanks a bunch, guys. I am now feeling much more comfortable and reassured.

I hope you can understand why I had some reasons for concern. I use the
latest version of OpenSSH and it is not the case of a one-time transfer of
data. I am fairly sure that I will be "picked on someone's radar" if I
initiate ~100 GB of traffic per month (work backup in case of HDD crashes)
so I wanted to ensure no packet sniffing could be involved.

I was recently told that traffic is heavily monitored. With today's tools I
thought it would be possible to tell what sort of data was shifted (e.g.
telling apart SSH with X from SCP). Even though I transfer valid stuff, I
want to avoid the hassle of having to prove that.

Thanks again,

Roy

-- 
Roy S. Schestowitz      | Useless fact: 111111 X 111111 = 12345654321
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  5:20am  up 25 days 17:34,  3 users,  load average: 0.11, 0.21, 0.43
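
An added illustration of the point raised in this thread that the shape of encrypted traffic can tell an interactive SSH session apart from an SCP bulk copy, even though the payload stays unreadable. This is example code, not part of the original messages; the packet records are constructed and the thresholds and function names are assumptions chosen for illustration.

```python
from statistics import median

# Illustrative thresholds (assumptions, not measured values).
LARGE = 1000  # bytes: near-MTU payloads, typical of a bulk copy
SMALL = 200   # bytes: keystroke- and echo-sized payloads


def flow_features(packets):
    """packets: list of (time_s, direction, payload_len), direction 'out' or 'in'.

    Only metadata visible to an on-path observer is used: sizes, direction, timing.
    Returns None when the flow carries no payload at all.
    """
    data = [p for p in packets if p[2] > 0]  # ignore bare TCP ACKs
    if not data:
        return None
    sizes = [p[2] for p in data]
    total = sum(sizes)
    out_bytes = sum(p[2] for p in data if p[1] == "out")
    duration = max(data[-1][0] - data[0][0], 1e-9)
    return {
        "median_size": median(sizes),
        "dominant_share": max(out_bytes, total - out_bytes) / total,
        "bytes_per_s": total / duration,
    }


def classify_flow(packets):
    f = flow_features(packets)
    if f is None:
        return "unknown"
    if f["median_size"] >= LARGE and f["dominant_share"] >= 0.9:
        return "bulk"          # e.g. an SCP upload: large packets, one direction
    if f["median_size"] <= SMALL:
        return "interactive"   # e.g. a shell: small packets in both directions
    return "unknown"


def constructed_interactive():
    """Constructed sample: 40 keystrokes with echoes, then one command output."""
    pkts = []
    for i in range(40):
        pkts += [(i * 0.25, "out", 36), (i * 0.25 + 0.02, "in", 36)]
    return pkts + [(10.0, "in", 612)]


def constructed_bulk():
    """Constructed sample: 200 full-size outbound packets, sparse small replies."""
    pkts = []
    for i in range(200):
        pkts.append((i * 0.001, "out", 1448))
        if i % 20 == 0:
            pkts.append((i * 0.001 + 0.0005, "in", 52))
    return pkts
```
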
