[ILUG] SSH dictionary attacks.
paul at clubi.ie
paul at clubi.ie
Thu Aug 24 16:33:57 IST 2006
On Thu, 24 Aug 2006, Badger wrote:
> If they can compromise the client then they could install a
> keystoke logger of sorts and pick up the ssh password when ssh keys
> are not being used.
The keylogger attack:
- requires privileges
(the ssh key could be retrieved by breaching just the unprivileged
user account)
- can either be detected or removed quite easily
- if it only modifies memory, a reboot and the logger is gone
- if it modifies filesystem to reinsert itself after reboot
then a boot from other media would allow one to detect the
logger.
The ssh key file can be stolen without the user ever noticing.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
Famous Original Ray's Superior Court
More information about the ILUG
mailing list