[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Anonymous SSH Hack.
I'm not going to comment on the attack side of your post as, if nothing
else, this isn't really the forum, but the following is probably worth
noting in terms of potential leakage when SSH'ing over Tor.
You probably want to pass the following
VerifyHostKeyDNS=no
Don't attempt to do lookups of the host's key fingerprint - those queries
will go out over your local connection
CheckHostIP=no
Don't do a DNS lookup of the host, the Tor exit node's going to do that
anyway, and again, the queries will be observable by your ISP
PubkeyAuthentication=no
Don't present any public keys which you might have configured the SSH
client to look for. They can be logged at the remote end
Instead of running connect, you can also use Netcat to pass traffic to Tor
ProxyCommand="nc -X 5 -x localhost:9050 %h %p"
Ben
On Mon, Sep 12, 2016 at 1:29 PM, Andrzej Wysocki <neomahakala108@xxxxxxxxx>
wrote:
> hello,
>
> i am an amateur hacker, but i wish to work in the Cyber Security in the EU
> NATO Structure, probably in a small Company or a Corporation soon.
>
> i've written an article about SSH Dictionary Hack over TOR, didn't check if
> it works yet though (no time mostly).
>
> i could use a constructive critic,
>
> the article is there:
> > [ http://paco-knife-tarot.blogspot.com/2016/09/anonymous-ssh-hack.html
> ].
>
> thanks in advance.
>
> --
> Andrzej 'neo' Wysocki.
> professionally 'artistic software dev & hacker, paradigmatist, net admin'.
>
> * Art & Dharma Teachings drawing board (unfinished yet) :
> http://artndharmat.appspot.com/
> * Martial Arts, Tactics & Combat Psychology :
> http://martial-arts-tactics-psyche.blogspot.com/
> <http://martial-arts-tactics.blogspot.com/>
> * Dragonfly Algorithm (IT Blog) : http://dragonfly-algorithm.blogspot.com/
> * Functional Paradigm (IT Blog) : http://functional-paradigm.blogspot.com/
> * deviantART: http://neo-mahakala-108.deviantart.com/
> * LinkedIn: http://www.linkedin.com/in/neomahakala108
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
--
Ben Tasker
https://www.bentasker.co.uk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk