[fw-wiz] ssh holes? Trojans? [long]

Jeffery.Gieser@minnesotamutual.com Jeffery.Gieser@minnesotamutual.com
Tue, 26 Sep 2000 08:22:45 -0500


#OK, you're scaring me. If you've seen a working implementation of a
product
#that can do SSH MitM without a compromised client and allowing cleartext
#monitoring of the traffic that's a *serious* flaw in the protocol.

#I don't mean to sound sceptical, but are you_sure_ that's what you're
#saying?

I think what he is talk about is there was an SSH server on the firewall.
The ssh connection is actually established between the firewall and the
outside client.  The firewall, in turn, establishes another connection with
the real SSH server on the internal side and proxies the traffic between
the two connections.  Since the external client is establishing the
connection with the firewall and NOT the internal client there is no MitM
attack occuring just a standard firewall proxy with some nice encryption.
This would allow you to monitor the traffic and create allow/deny rules on
the firewall while still providing privacy.  Of course, if the firewall is
hacked then your in big trouble.  Or maybe I'm just smoking crack:-)

Regards,
Jeffery Gieser