On 02-May-01 Kurt Seifried wrote:
This is timely. Remember that this problem was fixed in OpenSSH quite some time ago (i.e. when they discovered it... how come ssh.com didn't figure this out? Add to this ssh.com's product not supporting more than 64 connections on the Windows server product and a lot of other problems like this, it makes me wonder).
Yep, right. Recently I've addressed the problem to ssh.com. They haven't answered yet, but talks we had earlier this year showed a possibility that the most urgent problems will be fixed in ssh 3. So they say.
url: http://www.unixreview.com/articles/2001/0104/0104i/0104i.htm
Passive Analysis of SSH Traffic April 2001
by Joe "Zonker" Brockmeier
It's widely known that applications like telnet, rsh, and rlogin are vulnerable to attacks that can monitor or "sniff" network traffic and obtain login passwords or other data sent over unencrypted connections. Protocols like SSH have been assumed to be safe even if an attack does monitor network traffic, because the transmitted data is encrypted.
Unfortunately, this is no longer the case, according to an advisory that was sent out by the Openwall Project and that discusses weaknesses in the SSH-1 and SSH-2 protocols. Although attackers may not be able to "read" transmitted data sent in a Secure Shell session, it's possible that they could guess the length of passwords and shell commands. The captured data could be used to try brute-force attacks on passwords. It should be noted, however, that it is still preferable to utilize encrypted protocols.
The Problems
SSH implementations using the SSH-1 protocol can expose the exact length of passwords, which can then be fed to password-cracking programs. Knowing the length of the password makes it easier for cracking programs to guess the password, but does not guarantee that they will be able to decipher it. The SSH-2 protocol discloses less information, but it is still possible to get a general range of password lengths. [...]
Solutions
Some of the popular SSH implementations have fixes that address some of the possible traffic analysis attacks described by Openwall. OpenSSH 2.5.2 contains fixes for this vulnerability. If you are using OpenSSH, or would like to replace your current SSH implementation of SSH, you can obtain the most recent version from the OpenSSH Web site (http://www.openssh.com/).
PuTTY, a free implementation of SSH for Windows, is expected to contain a fix for this vulnerability with the 0.52 release. The latest version as of this writing is 0.51, which is a beta release.
Openwall has also provided a patch for SSH version 1.2.x, which can be found in their advisory here (http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt).
SSH Communications Security, which produces the most popular commercial version of SSH, has not made any announcements regarding this vulnerability. [...]
I did some research around sshow, compiled it, tested it, successfully. However, there are certain limitations to this kind of traffic analysis and an occasional pwd cracking attempt with its data, at least if we're talking about ssh2. It's not that trivial to get the right amount of information off of a busy network, and brute force attempts do create quite some noise in several logfiles, which should be noticed even by a not-so-skilled admin. L0pht Heavy Industries' antisniff (www.securitysoftwaretech.com/antisniff/index.html) may be even more valuable now as sshow and other analysis tools set network interfaces into promiscuous mode. sshow, if seen as a proof-of-concept code, nicely shows both the danger and power of traffic analysis, a mostly underrated form of attack given the common stack smashing hysteria ;-))
Kurt
---
Boris Lorenz
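
Added example, not part of the message above, the quoted article or the Openwall advisory: a model of the packet framing that shows why SSH-1 exposes the exact password length, why SSH-2 narrows it only to a range, and what padding the password field to a fixed bucket changes. The user-name length, 8-byte cipher block, 20-byte MAC, absence of compression and the 32-byte bucket are assumptions chosen for illustration.

```python
# Added illustration; framing follows the SSH-1 protocol description and
# RFC 4252/4253 (SSH-2). All parameter defaults are constructed assumptions.

def ssh1_sizes(pw_len: int) -> tuple:
    """SSH_CMSG_AUTH_PASSWORD: (cleartext length field, total bytes on the wire)."""
    length = 1 + (4 + pw_len) + 4      # type + string(password) + CRC-32
    padding = 8 - length % 8           # 1..8 bytes, not counted in `length`
    return length, 4 + padding + length

def ssh2_size(pw_len: int, user_len: int = 5, block: int = 8, mac: int = 20) -> int:
    """SSH_MSG_USERAUTH_REQUEST with method "password": total bytes on the wire."""
    payload = (1 + (4 + user_len) + (4 + len("ssh-connection"))
               + (4 + len("password")) + 1 + (4 + pw_len))
    unpadded = 4 + 1 + payload         # packet_length + padding_length + payload
    padding = block - unpadded % block
    if padding < 4:                    # RFC 4253 requires at least 4 padding bytes
        padding += block
    return unpadded + padding + mac

def indistinguishable(size_of, pw_len: int, max_len: int = 64) -> list:
    """Password lengths that produce the same observable value as pw_len."""
    target = size_of(pw_len)
    return [n for n in range(max_len + 1) if size_of(n) == target]

def bucketed(size_of, bucket: int = 32):
    """Mitigation sketch: pad the password field up to a multiple of `bucket`.
    The +1 reserves a terminator byte so an exact multiple is padded as well."""
    return lambda n: size_of(-(-(n + 1) // bucket) * bucket)

if __name__ == "__main__":
    for name, fn in [("SSH-1", ssh1_sizes), ("SSH-2", ssh2_size),
                     ("SSH-1 padded", bucketed(ssh1_sizes)),
                     ("SSH-2 padded", bucketed(ssh2_size))]:
        same = indistinguishable(fn, 10)
        print(f"{name:13s} a 10-char password shares its size with lengths "
              f"{same[0]}..{same[-1]} ({len(same)} candidates)")
```

The wider the set of lengths that share one observable size, the less a passive observer learns; fixed-size buckets make every password up to the bucket size look the same on the wire.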