Re: Re: Port Knocking - An interesting idea

Author: Alex Earl
Date:  
To: plug-discuss
Subject: Re: Re: Port Knocking - An interesting idea
> On Tue, 2004-03-16 at 15:37, tickticker wrote:
>> How do you give away your combination to anyone sniffing the network?
>> Wouldn't they have to sniff the correct ports in the correct order?
>> It's more like a password, where each of the chars can be any of 65000
>> possibilities. Much harder to crack than any regular old password
>
> Austin is right. Anyone sniffing the network will see a common pattern
> of traffic just before the SSH connection. If the eavesdropper has a
> keen enough eye, it will become obvious what you are doing.
>
> To address that in my first implementation, I wrote a wrapper script
> around sshd that would alter the combination in cd00r.conf after each
> ssh session using an arbitrary algorithm that I made up. Didn't matter
> what it was as long as I knew how to calculate the next change (and no
> one else knew).
>
> Of course, I am no cryptographer so my simpleton algorithm would be
> easily crackable by someone observing my sessions over time. Just added
> an extra element of confusion that probably bought me enough time until
> I could change the algorithm. Besides, the wrapper also fired an email
> to my cellphone anytime someone sent the correct combination of packets
> and tickled sshd.
>
> This, of course, is probably what Austin meant when he said "it starts
> getting cumbersome." ;~)
>
> Unfortunately, I recently rebuilt that box and I never got around to
> re-configuring this mousetrap. Now I wish I had saved that code so I
> could post it.
>



How do you have it send messages to your cell phone? That's cool

Alex
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
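
The rotation idea from the quoted message (change the combination after every session so a sniffed sequence cannot be reused), as an added example that is not code from this thread: the "arbitrary algorithm" is replaced here with HMAC-SHA256 over a session counter, in the style of HOTP, so observed sequences do not reveal the next one without the secret. The secret, port range, knock count and look-ahead window are assumptions, and writing the result into cd00r.conf is left out because the file format is not shown in the thread.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

PORT_MIN, PORT_MAX = 1024, 65535   # assumed range of knock ports
KNOCKS = 4                         # assumed number of ports per combination


def knock_sequence(secret: bytes, counter: int) -> list[int]:
    """Derive the knock ports for session number `counter`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    # Each knock uses its own 4-byte slice of the MAC, reduced into the port range.
    return [PORT_MIN + int.from_bytes(mac[4 * i:4 * i + 4], "big") % span
            for i in range(KNOCKS)]


class KnockVerifier:
    """Server side: each combination works once; a few skipped counters are tolerated."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 3):
        self.secret = secret
        self.counter = counter     # next session number the server expects
        self.window = window       # how far ahead the client may have drifted

    def check(self, observed: list[int]) -> bool:
        if len(observed) != KNOCKS:
            return False
        seen = struct.pack(f">{KNOCKS}I", *[p & 0xFFFFFFFF for p in observed])
        for c in range(self.counter, self.counter + self.window + 1):
            want = struct.pack(f">{KNOCKS}I", *knock_sequence(self.secret, c))
            if hmac.compare_digest(seen, want):
                self.counter = c + 1   # burn this and every earlier combination
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"    # constructed sample value
    server = KnockVerifier(secret)
    for session in range(3):
        ports = knock_sequence(secret, session)
        print(session, ports, "accepted" if server.check(ports) else "rejected")
    print("replay of session 0:", server.check(knock_sequence(secret, 0)))
```

The counter has to be stored on both ends and advanced only after a successful knock, which is the bookkeeping the wrapper script in the quoted message would have to do.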