> On Tue, 2004-03-16 at 15:37, tickticker wrote:
>> How do you give away your combination to anyone sniffing the network?
>> Wouldn't they have to sniff the correct ports in the correct order?
>> It's more like a password, where each of the chars can be any of 65000
>> possibilities. Much harder to crack than any regular old password
>
> Austin is right. Anyone sniffing the network will see a common pattern
> of traffic just before the SSH connection. If the eavesdropper has a
> keen enough eye, it will become obvious what you are doing.
>
> To address that in my first implementation, I wrote a wrapper script
> around sshd that would alter the combination in cd00r.conf after each
> ssh session using an arbitrary algorithm that I made up. Didn't matter
> what it was as long as I knew how to calculate the next change (and no
> one else knew).
>
> Of course, I am no cryptographer so my simpleton algorithm would be
> easily crackable by someone observing my sessions over time. Just added
> an extra element of confusion that probably bought me enough time until
> I could change the algorithm. Besides, the wrapper also fired an email
> to my cellphone anytime someone sent the correct combination of packets
> and tickled sshd.
>
> This, of course, is probably what Austin meant when he said "it starts
> getting cumbersome." ;~)
>
> Unfortunately, I recently rebuilt that box and I never got around to
> re-configuring this mousetrap. Now I wish I had saved that code so I
> could post it.
>

How do you have it send messages to your cell phone? That's cool

Alex
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
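The quoted message describes changing the knock combination after every session with a home-made algorithm. As an added example (not the poster's lost wrapper script, and not part of this thread), here is one way to derive each session's sequence from a shared secret and a session counter with HMAC-SHA256, so that a sequence observed on the wire is useless afterwards. The names `knock_sequence` and `KnockVerifier`, the port range and the look-ahead window are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct


def knock_sequence(secret, counter, knocks=4, low=1024, high=65535):
    """Ports to knock for session number `counter` (hypothetical helper)."""
    if not 1 <= knocks <= 8:
        raise ValueError("SHA-256 output yields at most 8 four-byte chunks")
    # The MAC of the counter is unpredictable without the secret, so
    # observing earlier sequences does not reveal the next one.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = high - low + 1
    return [low + int.from_bytes(mac[4 * i:4 * i + 4], "big") % span
            for i in range(knocks)]


class KnockVerifier:
    """Server side: accept each sequence once, tolerate a few missed sessions."""

    def __init__(self, secret, counter=0, window=3):
        self.secret = secret
        self.counter = counter   # next session number the server expects
        self.window = window     # how far ahead a drifted client may be

    def check(self, observed):
        got = ",".join(map(str, observed)).encode()
        for c in range(self.counter, self.counter + self.window):
            want = ",".join(map(str, knock_sequence(self.secret, c))).encode()
            if hmac.compare_digest(got, want):
                self.counter = c + 1   # burn this and all earlier sequences
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    server = KnockVerifier(secret)
    first = knock_sequence(secret, 0)
    print("session 0 knocks:", first)
    print("accepted:", server.check(first))
    print("replayed:", server.check(first))
```

The daemon's configured combination would be rewritten from `knock_sequence(secret, server.counter)` after each accepted knock; that step depends on the knock daemon in use and is not shown.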