[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

hijacked SSH sessions

To: or-talk@xxxxxxxx
Subject: hijacked SSH sessions
From: Taka Khumbartha <scarreigns@xxxxxxxxx>
Date: Sun, 15 Oct 2006 22:09:37 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Mon, 16 Oct 2006 01:08:44 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:organization:mime-version:to:subject:content-type:content-transfer-encoding; b=CwcKPKAZ+YRs6Pc61Atvv2IUkkfuOnQaJOBnhC1FsbBMBmT0Iv/U3VntbUo9tXPA+pl8lfU4RATuEUKJid54ltXgTcN8LrA3Y2EBDYNucnyReW5pc7PJA4X2CNeDZiLtkrPlE+kkZDFRxcMHFs+/qvgW4bQNse/Qfcmjn+b+Wj4=
Organization: Scar Reigns, Inc.
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

today i have had several attempted "man in the middle" attacks on my SSH sessions.  i am not sure which exit node(s) i was using, but the MD5 hash of the fingerprint of the spoofed host key is:

4d:64:6f:bc:bf:4a:fa:bd:ce:00:b0:8e:c9:40:60:57

and it does not matter which host i connect to, the MD5 hash presented it always the same.

just a heads up

Follow-Ups:
- Re: hijacked SSH sessions
  - From: Michael Holstein
- Re: hijacked SSH sessions
  - From: Mike Perry
- Re: hijacked SSH sessions
  - From: Taka Khumbartha

Prev by Author: Re: Analyzing TOR-exitnodes for anomalies
Next by Author: Re: hijacked SSH sessions
Previous by thread: hardcode Tor nodes
Next by thread: Re: hijacked SSH sessions
Index(es):
- Author
- Thread