[PLUG] Challenging the Man-in-the-Middle (fwd)

sendai sendai at thedustyshelf.com
Tue Apr 16 19:47:39 UTC 2002


>>Nice article Rich.
>>
>>I guess I'm naïf; could someone please elaborate
>>
>>   "and don't fall for the standard social engineering tricks"
>>
>>in this context for me?

When he mentions this it is before he has noticed the ssh problem, so he is
simply saying that some accounts have been hacked but that he does not
believe it was through social engineering (i.e., "This is Joe from Sun calling
and <insert VP name> asked us to look at the system....").

As for the attack itself, man-in-the-middle attacks are primarily used to
sniff usernames and passwords or in a more advanced form (which it sounds
like we have here) to accept an ssh connection on the middle machine,
initiate a new connection to the intended host from the middle machine, and
then decrypt both the victim's and the intended host's packets on the middle
machine while at the same time forwarding packets between the two outside
machines.  It is similar to the ATM (as in automated teller machine) hack
of the early to mid 90's.

--sendai
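
Unless it holds the real server's private host key, the middle machine in the attack described above has to present a host key of its own, so a mismatch against the pinned known_hosts entry is the signal a client can check for. The following is an added example, not part of the original post; the host name, address and key blobs are constructed sample values, and the SHA256 fingerprint form is the one current OpenSSH prints.

```python
import base64
import hashlib
import struct

def make_blob(seed):
    """Constructed ssh-ed25519 wire-format blob (sample data, not a real key pair)."""
    ktype, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(key)) + key
    return base64.b64encode(blob).decode()

def fingerprint(key_b64):
    """SHA256 fingerprint in the form current OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Return {host: {(keytype, key_b64), ...}} for plain (unhashed) entries."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, short lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            if not host.startswith("|1|"):  # hashed hostnames are not handled here
                pinned.setdefault(host, set()).add((keytype, key))
    return pinned

def check_host_key(pinned, host, keytype, key_b64):
    """MATCH, CHANGED (possible interception), or UNKNOWN (nothing pinned)."""
    same_type = {k for t, k in pinned.get(host, ()) if t == keytype}
    if not same_type:
        return "UNKNOWN"
    return "MATCH" if key_b64 in same_type else "CHANGED"

# Constructed sample data: hypothetical host name and keys.
REAL_KEY = make_blob(b"real server")
MIDDLE_KEY = make_blob(b"middle machine")
KNOWN_HOSTS = f"# constructed sample\nshell.example.org,192.0.2.10 ssh-ed25519 {REAL_KEY}\n"

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for label, key in (("direct", REAL_KEY), ("via middle", MIDDLE_KEY)):
        verdict = check_host_key(pinned, "shell.example.org", "ssh-ed25519", key)
        print(f"{label:11} {fingerprint(key)} -> {verdict}")
```

A CHANGED verdict also occurs after a legitimate server rekey, so the new fingerprint has to be confirmed over a separate channel before the pinned entry is replaced.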




