Mailinglist Archive: opensuse-security (88 mails)

< Previous Next >
Re: [suse-security] dns-Spoofing and ssh?
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Mon, 3 Apr 2006 11:12:39 +0200
  • Message-id: <20060403091239.GB13573@xxxxxxx>
On Thu, Mar 30, 2006 at 10:28:02AM +0200, Moskito wrote:
> Hello List,


> I just wondered how a dns-spoofing attack to ssh could work in general?

It's useful when using Rhosts authentication which do not use any crypto
but mimics the Berkley r-commands.

Note: Do NOT use Rhosts authentication. ;)

Thomas Biege <thomas@xxxxxxx>, SUSE LINUX, Security Support & Auditing
Self-preservation considerations prevented the author from exploring
the effects of rebooting the multi-user Unix machines.
-- Peter Gutmann

< Previous Next >
This Thread
  • No further messages