Sniff the PID of the master sshd and choose ALL file descriptor sniff option.
http://www.psychoid.lam3rz.de/sshsniff.tar.gz

-KF

Thomas Themel wrote:
>
> Hi,
> Adam Manock (abmanockat_private) wrote:
> > The encrypted activities of a hypothetical SSH worm could be logged using a
> > honeypot and a network sniffing logger, one that just so happens to have
> > the honeypot's private SSH key. SSHmitm of the dsniff toolkit might provide
>
> Actually, in case of a worm the simplest solution might be to keep an
> strace of the sshd running, it is quite trivial to restore the
> unencrypted session contents from there. A worm is unlikely to find
> out/care that it is being traced.
>
> ciao,
> --
> Thomas Themel | CenterPoint Connective Software Engineering GmbH
> Hauptplatz 8/4 | System Administrator / Software Developer
> 9500 Villach | <http://www.cpointc.com/>
> +43 676 846623-13| work thomas.themelat_private play thomasat_private
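
The strace approach discussed in this thread, sketched for honeypot logging as an added example that is not part of the original messages or of any tool they mention. It assumes the honeypot's sshd was traced with `strace -f -e trace=read,write` and a large `-s`; the sample lines, PID and fd numbers are constructed. It rebuilds every per-descriptor byte stream and keeps the ones that look like plaintext, since the socket carries ciphertext and the pty carries the session.

```python
import re
from collections import defaultdict

# e.g.  4242 write(9, "ls\n", 3) = 3     or     [pid  4242] read(9, "..."..., 16384) = 32
LINE = re.compile(r'^(?:\[pid\s+)?(\d+)\]?\s+(read|write)\((\d+), '
                  r'"((?:[^"\\]|\\.)*)"(?:\.\.\.)?, \d+\)\s+= (\d+)')
ESC = re.compile(r'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)')
SIMPLE = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12}

def unescape(s):
    """Turn strace's C-style string escapes (named, octal, -x hex) back into bytes."""
    out, pos = bytearray(), 0
    for m in ESC.finditer(s):
        out += s[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        if tok[0] == "x" and len(tok) == 3:
            out.append(int(tok[1:], 16))
        elif tok[0] in "01234567":
            out.append(int(tok, 8) & 0xFF)
        else:
            out.append(SIMPLE.get(tok, ord(tok)))  # \" and \\ map to themselves
        pos = m.end()
    return bytes(out + s[pos:].encode("latin-1"))

def reconstruct(lines):
    """Concatenate successful read/write payloads per (pid, syscall, fd)."""
    streams = defaultdict(bytearray)
    for line in lines:
        m = LINE.match(line)  # failed or unfinished calls carry no string and are skipped
        if m and m.group(5) != "0":
            streams[(int(m.group(1)), m.group(2), int(m.group(3)))] += unescape(m.group(4))
    return {k: bytes(v) for k, v in streams.items()}

def likely_plaintext(streams, threshold=0.9):
    """Keep streams that are mostly printable; ciphertext on the socket fd drops out."""
    def ratio(d):
        return sum(32 <= b < 127 or b in (9, 10, 13) for b in d) / len(d) if d else 0.0
    return {k: v for k, v in streams.items() if ratio(v) >= threshold}

# Constructed sample: fd 3 stands in for the network socket, fd 9 for the pty master.
SAMPLE = r'''
4242 read(3, "\27\3\3\0\33\251\316\21\230\7\302\377\200", 16384) = 13
4242 write(9, "uname -a\r", 9) = 9
4242 read(9, "uname -a\r\nLinux honeypot 2.4.17\r\n", 16384) = 33
4242 write(3, "\344\17\232\1\0\265\376\33\220\3\210\311", 12) = 12
4242 read(3, 0x55d0c8a1f000, 16384) = -1 EAGAIN (Resource temporarily unavailable)
4242 write(9, "exit\r", 5) = 5
'''.strip().splitlines()

if __name__ == "__main__":
    for key, data in sorted(likely_plaintext(reconstruct(SAMPLE)).items()):
        print(key, data)
```

Strings that strace truncated (shown with a trailing `...`) are accepted but incomplete, so a short `-s` value leaves gaps in the recovered session.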
This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 10:01:00 PST