Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2002 02:40:55 -0700
  • Message-id: <007701c19a84$1120b000$6400030a@xxxxxxxxxxxx>
Chances are if they can monitor the stream they can inject stuff, do a
dsniff attack, other nifty things. The keystroke timing is cool though, and
works surprisingly well (i.e. significantly narrowing the search space).
Basically it's a lesson that yes traffic analysis works, and it can be
combatted intelligently. Things like putting in a timing loop to openssh and
delaying packets till the next 10 or 50 ms interval for example so packet
timing gets delayed a bit and isn't as informative. As for guessing
passwords: use ssh keys. Chances are if an attacker can get at your keys
(i.e. they are your uid, or root's uid) they can also install a keylogger
(as root, or as a user set your login profile to start a wrapper shell/etc).


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/





< Previous Next >
Follow Ups
References