[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: hijacked SSH sessions

To: or-talk@xxxxxxxxxxxxx
Subject: Re: hijacked SSH sessions
From: Taka Khumbartha <scarreigns@xxxxxxxxx>
Date: Mon, 16 Oct 2006 23:06:51 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 17 Oct 2006 02:05:43 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:organization:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=o1aiWDJxNa39Z10mDdFelbHAUxmn7TdVzRDcKnz2LnMHek1PyOeQcZEecAGkcngV0BNc6eAz6DBUQYR6Iw1PrNwvvxwKsEENb1cE27Gz5aLGp0Kfdnso3o0mm/ExGP3Bxug/rRRlKB7d4jMWaC94JDrYpOUXM4lC4pXRpx61M24=
In-reply-to: <20061016202556.GJ10171@fscked.org>
Organization: Scar Reigns, Inc.
References: <45331411.2020203@gmail.com> <20061016202556.GJ10171@fscked.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Perry @ 2006/10/16 13:25:
> Thus spake Taka Khumbartha (scarreigns@xxxxxxxxx):
> 
>> today i have had several attempted "man in the middle" attacks on my
>> SSH sessions.  i am not sure which exit node(s) i was using, but the
>> MD5 hash of the fingerprint of the spoofed host key is:
>>
>> 4d:64:6f:bc:bf:4a:fa:bd:ce:00:b0:8e:c9:40:60:57
>>
>> and it does not matter which host i connect to, the MD5 hash
>> presented it always the same.
> 
> Interesting. Could be another upstream chinese ISP, or DNS poisoning
> again. Were you using SOCKS4A/SOCKS5 or did you connect direct to an
> IP?
> 

i was using socks4 protocol within my ssh application, but directly passed an IP address to Tor.


-----BEGIN PGP SIGNATURE-----

iQA/AwUBRTRyvV4XwiTbvfKgEQLO1QCgmjBBNebKhMe96kDj/BaBNtfOl1AAmwVk
krvrq8+CqIiQ7xW2n+snGjIL
=0YVv
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: hijacked SSH sessions
  - From: Mike Perry

References:
- hijacked SSH sessions
  - From: Taka Khumbartha
- Re: hijacked SSH sessions
  - From: Mike Perry

Prev by Author: Re: hijacked SSH sessions
Next by Author: Re: Sending mail on OS X
Previous by thread: Re: hijacked SSH sessions
Next by thread: Re: hijacked SSH sessions
Index(es):
- Author
- Thread