Hi,

[Moderator: Sorry for mailing this to vuln-dev this morning...]

Adam Manock (abmanockat_private) wrote:
> The encrypted activities of a hypothetical SSH worm could be logged using a
> honeypot and a network sniffing logger, one that just so happens to have
> the honeypot's private SSH key. SSHmitm of the dsniff toolkit might provide

Actually, in case of a worm the simplest solution might be to keep an strace
of the sshd running; it is quite trivial to restore the unencrypted session
contents from there. A worm is unlikely to find out/care that it is being
traced.

ciao,
-- 
Thomas Themel    | CenterPoint Connective Software Engineering GmbH
Hauptplatz 8/4   | System Administrator / Software Developer
9500 Villach     | <http://www.cpointc.com/>
+43 676 846623-13| work thomas.themelat_private
                   play thomasat_private
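
Added example, not part of the original message: a small parser that rebuilds the plaintext side of a honeypot session from an strace log of sshd, as the reply above suggests. It assumes the log was written with `strace -f -o FILE` tracing read/write calls; the pid, fd numbers and payloads in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# One read()/write() line as written by `strace -f -o FILE`: "PID call(FD, "DATA", LEN) = RET"
LINE = re.compile(r'^(\d+)\s+(read|write)\((\d+), "((?:[^"\\]|\\.)*)"(\.\.\.)?, \d+\)\s+= (\d+)')
ESC = re.compile(r'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)', re.S)
SIMPLE = {"n": 10, "r": 13, "t": 9, "v": 11, "f": 12}

def unescape(s):
    """Turn strace's C-style escapes (\\r, octal \\33, hex \\x1b) back into raw bytes."""
    def repl(m):
        e = m.group(1)
        if e[0] == "x":
            return chr(int(e[1:], 16))
        if e[0] in "01234567":
            return chr(int(e, 8))
        return chr(SIMPLE.get(e, ord(e)))  # \" and \\ fall through to themselves
    return ESC.sub(repl, s).encode("latin-1")

def reconstruct(lines):
    """Concatenate payloads per (pid, call, fd); also report streams strace cut short."""
    streams, truncated = defaultdict(bytes), set()
    for line in lines:
        m = LINE.match(line)
        if not m or int(m.group(6)) == 0:   # not a data-carrying read/write, or EOF
            continue
        key = (int(m.group(1)), m.group(2), int(m.group(3)))
        streams[key] += unescape(m.group(4))
        if m.group(5):                      # "..." after the string: -s was too small
            truncated.add(key)
    return dict(streams), truncated

# Constructed sample: pid 2411 is the per-session sshd child, fd 3 its network
# socket (ciphertext), fd 9 the pty master (plaintext). All values are made up.
SAMPLE = r'''
2411  read(3, "\324\17\252\0\235c\33\7", 16384) = 8
2411  write(9, "uname -a\r", 9) = 9
2411  read(9, "uname -a\r\nLinux honeypot 2.4.17\r\n", 16384) = 33
2411  write(9, "id\r", 3) = 3
2411  read(9, "uid=0(root) gid=0(root) groups=0"..., 16384) = 41
2411  read(9, 0x55d0c8a3f2b0, 16384) = -1 EAGAIN (Resource temporarily unavailable)
'''.strip().splitlines()

if __name__ == "__main__":
    streams, truncated = reconstruct(SAMPLE)
    print("typed into pty:", streams[(2411, "write", 9)])
    print("truncated streams (re-run strace with a larger -s):", truncated)
```

The truncation set matters for a honeypot: strace shortens strings to its `-s` limit, so any stream listed there is incomplete evidence until the trace is captured with a larger limit.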
This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 09:08:58 PST