On Tue, 2004-03-16 at 15:37, tickticker wrote:
> How do you give away your combination to anyone sniffing the network?
> Wouldn't they have to sniff the correct ports in the correct order?
> It's more like a password, where each of the chars can be any of 65000
> possibilities. Much harder to crack than any regular old password
Austin is right. Anyone sniffing the network will see a common pattern
of traffic just before the SSH connection. If the eavesdropper has a
keen enough eye, it will become obvious what you are doing.
To address that in my first implementation, I wrote a wrapper script
around sshd that would alter the combination in cd00r.conf after each
ssh session using an arbitrary algorithm that I made up. Didn't matter
what it was as long as I knew how to calculate the next change (and no
one else knew).
Of course, I am no cryptographer so my simpleton algorithm would be
easily crackable by someone observing my sessions over time. Just added
an extra element of confusion that probably bought me enough time until
I could change the algorithm. Besides, the wrapper also fired an email
to my cellphone anytime someone sent the correct combination of packets
and tickled sshd.
This, of course, is probably what Austin meant when he said "it starts
getting cumbersome." ;~)
Unfortunately, I recently rebuilt that box and I never got around to
re-configuring this mousetrap. Now I wish I had saved that code so I
could post it.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)