hijacked SSH sessions

Taka Khumbartha scarreigns at gmail.com
Tue Oct 17 06:06:51 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Perry @ 2006/10/16 13:25:
> Thus spake Taka Khumbartha (scarreigns at gmail.com):
> 
>> today i have had several attempted "man in the middle" attacks on my
>> SSH sessions.  i am not sure which exit node(s) i was using, but the
>> MD5 hash of the fingerprint of the spoofed host key is:
>>
>> 4d:64:6f:bc:bf:4a:fa:bd:ce:00:b0:8e:c9:40:60:57
>>
>> and it does not matter which host i connect to, the MD5 hash
>> presented is always the same.
> 
> Interesting. Could be another upstream Chinese ISP, or DNS poisoning
> again. Were you using SOCKS4A/SOCKS5 or did you connect direct to an
> IP?
> 

i was using socks4 protocol within my ssh application, but directly passed an IP address to Tor.


-----BEGIN PGP SIGNATURE-----

iQA/AwUBRTRyvV4XwiTbvfKgEQLO1QCgmjBBNebKhMe96kDj/BaBNtfOl1AAmwVk
krvrq8+CqIiQ7xW2n+snGjIL
=0YVv
-----END PGP SIGNATURE-----
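
An added example, not part of the original thread: the symptom reported above (one host key fingerprint presented no matter which host is contacted) can be checked for by computing the legacy colon-hex MD5 fingerprint of every key in a known_hosts-style file and flagging any key recorded under more than one host entry. The file layout, the function names and the sample keys are assumptions constructed for illustration; servers that deliberately share a host key (clusters, load balancers) will also be flagged.

```python
import base64
import hashlib
from collections import defaultdict

def md5_fingerprint(key_b64):
    """Legacy colon-hex MD5 fingerprint of a base64-encoded SSH public key blob."""
    digest = hashlib.md5(base64.b64decode(key_b64), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_known_hosts(text):
    """Yield (host_field, key_b64) for each plain known_hosts line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if not fields or fields[0].startswith(("#", "@")):
            continue
        if len(fields) >= 3:
            # "name,ip" on one line is a single host entry, so keep it whole.
            yield fields[0], fields[2]

def shared_fingerprints(text):
    """Map fingerprint -> host entries, for keys seen under more than one entry."""
    seen = defaultdict(set)
    for hosts, key_b64 in parse_known_hosts(text):
        try:
            seen[md5_fingerprint(key_b64)].add(hosts)
        except ValueError:  # malformed base64: skip the line
            continue
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

def fake_key(seed):
    """Constructed stand-in for a key blob (not a real SSH key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()

# Constructed sample: three unrelated hosts all recorded with the same key.
SPOOFED = fake_key(b"constructed-interceptor-key")
SAMPLE = "\n".join([
    "# constructed sample data",
    "host-a.example,192.0.2.10 ssh-rsa " + fake_key(b"constructed-key-a"),
    "host-b.example ssh-rsa " + SPOOFED,
    "host-c.example ssh-rsa " + SPOOFED,
    "198.51.100.7 ssh-rsa " + SPOOFED,
])

if __name__ == "__main__":
    for fp, hosts in shared_fingerprints(SAMPLE).items():
        print(fp, "presented for", ", ".join(hosts))
```

A flagged fingerprint should be compared against one obtained from the server's operator over a separate channel before the key is trusted.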


