Re: SSH bruteforce on its way...

From: Michael Lang (Michael.Lang_at_jackal-net.at)
Date: 10/26/05

  • Next message: Lionel Ferette: "Re: SSH bruteforce on its way..."
    To: Lionel Ferette <lionel.ferette@belnet.be>
    Date: Wed, 26 Oct 2005 10:17:53 +0200
    
    

    On Wed, 2005-10-26 at 08:29 +0200, Lionel Ferette wrote:
    > Hello Michael,
    >

    Hello Lionel,

    > In the wise words of Michael.Lang@jackal-net.at, on Tuesday 25 October 2005
    > 09:29:
    > [SNIP]
    > > I've put the session data on a website
    > > (http://www.jackal-net.at/tiki-read_article.php?articleId=20) where you can
    > > see what I've set up and what the guys were doing. (currently only one
    > > session is online but I'm sure, others will follow :) ... )
    > Just had a look at that page, and I would recommend against using ethereal to
    > capture traffic: there are too many vulnerabilities in ethereal's decoders (a
    > few have been disclosed last week) to allow that program to run unattended as
    > root (needed to capture traffic). Instead, I always recommend to use tcpdump:
    > tcpdump -s 1500 -w traffic.trace port 22
    > (in your case you're only interested in ssh traffic, aren't you? otherwise,
    > just skip the 'port 22' part).
    >
    > Then, *as a normal user*, open the trace file with ethereal if you don't like
    > tcpdump's output of
    > tcpdump -s 1500 -r traffic.trace -X

    I'm running ethereal on a Host *outside* of the Machine which runs
    Fedora Core4 Ethereal version ethereal-0.10.13-1.FC4.2 which should be
    aware of all currently known issues.
    Thanks anyway.

    Kind regards
    Michael Lang

    >
    > Regards,
    >
    > Lionel
    >

    -- 
    Michael Lang <Michael.Lang@jackal-net.at>
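
Added example, not code from either poster: once `tcpdump -w traffic.trace` has written the capture, an unprivileged user can summarise it without running any protocol dissector. This goes one step beyond the thread by counting connection attempts (SYN without ACK) to port 22 per source address; the function names and the sample trace are constructed for illustration, and only classic little- or big-endian pcap files with Ethernet framing are handled.

```python
import struct
from collections import Counter

def syn_counts(pcap: bytes, port: int = 22) -> Counter:
    """Count TCP SYN (without ACK) packets per IPv4 source sent to `port`."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"                      # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"                      # file written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    counts, off = Counter(), 24        # records follow the 24-byte file header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Need Ethernet (14) + minimal IPv4 (20); EtherType 0x0800 = IPv4.
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue
        ihl = (pkt[14] & 0x0F) * 4     # IPv4 header length in bytes
        if pkt[14] >> 4 != 4 or ihl < 20 or pkt[23] != 6:   # 6 = TCP
            continue
        tcp = pkt[14 + ihl:]
        if len(tcp) < 14:              # truncated by the snap length
            continue
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport == port and flags & 0x12 == 0x02:          # SYN set, ACK clear
            counts[".".join(map(str, pkt[26:30]))] += 1
    return counts

def _frame(src: str, dport: int, flags: int) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap() -> bytes:
    """Constructed trace: documentation-range addresses, snap length 1500."""
    frames = [_frame("198.51.100.7", 22, 0x02)] * 3 + [
        _frame("203.0.113.9", 22, 0x02), _frame("198.51.100.7", 22, 0x10),
        _frame("203.0.113.9", 80, 0x02)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f
                          for f in frames)

if __name__ == "__main__":
    print(syn_counts(sample_pcap()).most_common())
```

For a real trace, pass the bytes of the file written by tcpdump to `syn_counts`; VLAN-tagged frames and IPv6 are skipped by this parser.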
    
