Clayton's Tech Bits

Home

Contact

Resumé / C.V.

Links

Search this site:

Categories:

/ (223)
  Admin/ (85)
    Apache/ (7)
      HTTPS-SSL/ (4)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (3)
    Monitoring/ (2)
      munin/ (2)
    OpenVPN/ (1)
    SSH-Proxy/ (3)
    SSH-SSL/ (6)
    backups/ (15)
      SpiderOak/ (1)
      backuppc/ (5)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (1)
    commandLine/ (11)
    crontab/ (1)
    databases/ (8)
      MSSQL/ (2)
      MySQL/ (5)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (9)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (6)
    iptables/ (2)
    virtualization/ (8)
      VMware/ (1)
      virtualBox/ (7)
  Coding/ (11)
    bash/ (1)
    gdb/ (1)
    git/ (2)
    php/ (4)
    python/ (3)
      Django/ (1)
  Education/ (1)
  Hosting/ (23)
    Amazon/ (14)
      EBS/ (3)
      EC2/ (11)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (20)
    Awesome/ (3)
    CPUfreq/ (1)
    Chinese/ (1)
    Debian/ (5)
      WPA/ (1)
    audio/ (1)
    encryption/ (2)
    fonts/ (1)
    misc/ (4)
    router-bridge/ (2)
  SW/ (39)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (25)
      Drupal/ (8)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (6)
      WebERP/ (2)
      eGroupware/ (1)
    email/ (1)
    fileSharing/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (12)
    IMchat/ (1)
    circumvention/ (2)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (1)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (13)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

2012/01

2011/12

2011/11

2011/10

2011/09

2011/08

2011/07

2011/06

2011/05

2011/04

2011/02

2010/12

2010/11

2010/10

2010/09

2010/08

2010/07

2010/06

2010/05

2010/04

2010/03

2010/02

2010/01

2009/12

2009/11

2009/10

2009/09

2009/08

2009/07

2009/06

2009/05

2009/04

2009/03

2009/02

2009/01

2008/12

2008/11

2008/10

2008/09

Subscribe XML RSS Feed

Sun, 24 May 2009

---

/Security/hacking: Did I Just Experience an Attempted "Man-in-the-Middle" Attack?

Normally, of course, one expects that an encrypted connection between two computers will be private and free of eavesdroppers. But of course, no defence is perfect....

Just now I tried to SSH from China into one of my servers in the USA. The SSH command failed, with a big banner saying that the key that the server just answered with was not the same as the last time I logged in, and that I might be the subject of a Man-in-the-Middle Attack.

In a Man-in-the-Middle Attack, someone on a network between me and my destination (those "people" running the Great Firewall of China come to mind, for instance) intercepts my communication with my server, and pretends to be my server. They relay the connection to the actual server, so if I were to ignore the warning about the bad key and log in anyway, I would actually succeed in logging into my server. But whoever intercepted and forwarded the connection would now be able to eavesdrop on the communication, and I bet (do not know right off hand) that they might get my server password as well.

My response? I tried an SSH into a second server in the USA, and from there SSH'ed into the first server. No problem with both of those. Then I tried a direct connection straight from home to the first server again. This time it worked. No hacker in the middle.

Do not take security warnings (from software you trust, for which SSH definitely qualifies) lightly.

posted at: 00:59 | path: /Security/hacking | permanent link to this entry