Date: Wed, 01 Dec 1999 14:12:09 -0800
From: Deepwell Internet <freebsd@deepwell.com>
To: Jason Hudgins <thanatos@incantations.net>, freebsd-security@freebsd.org
Subject: Re: logging a telnet session
Message-ID: <4.2.0.58.19991201140744.014d5dd0@mail1.dcomm.net>
In-Reply-To: <Pine.BSF.4.10.9912011557010.20827-100000@eddie.incantations.net>
References: <Pine.BSF.4.21.9912011444500.51911-100000@anchovy.orem.iserver.com>

Paul also suggested leaking the cleartext before encryption which is also good. It would roughly double the local bandwidth used by him, but I can't doubling telnet/ssh would be a big deal. A netstat may give this away, but you could use udp to send the plaintext to the logging host.

As for writing this from scratch, you may be able to find something like this in a rootkit.

At 04:00 PM 12/1/99 -0600, you wrote:
> > No. Remember, you're the one calling the shots. Go ahead and trojan your
> > own sshd to leak session keys so you can decrypt the sniffed sessions, or
> > even better, have it leak the cleartext before encrypting it.
>
>Well, I think it would be easier to just trojanize some binaries on
>the cracked box (like ps) and make the logging process invisible than to
>trojan sshd AND write a decryption client of sorts.
>
> > The original poster wanted to watch a telnet session anyway.
>
>Yeah, I was the original poster, I'm just talking theory now. =)
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message