SEMiSLUG Notes

12 April 2001

Question & Answer Sessions

Larry Plato: who is our new host?

He's a Cisco guy and a damn fine human being.

Netlinx on Ellsworth -- who are they?

Some sort of network place, probably.

Is there such a thing as 1-channel dedicated ISDN for under $60?

$59 from royaloak.com might be your best bet.

Set up a centrex with "remote extensions" for clients; ISDN can end up costing less than POTS lines this way. (Or so I'm told.)

Any experience with two-way satellite connections?

Not yet, but soon, maybe. RadioShack/Compaq/StarBand/MSN has a package. Try looking at DishNetwork, too.

"If you have any other option, use that option." -- some wag on Slashdot

StarBand USB external box is hobbled to force use with drivers specific to WinBoxen. (Then can be hardware hacked, though.)

Ricochet in Ann Arbor with anything other than a WinBox?

They're in Detroit now, offering 256k. They're in Ypsilanti, too. No rumors about AA yet, however. They should work with non-WinBoxes.

Why is DSL bad?

DSL isn't bad ... it just has some bad providers.

As mentioned on the mailing list, lots of it went away recently. (I.e., Northpoint went bye-bye.)

Too much DSL in the '90s.

What list?

semislug@semislug.mi.org ... that's where.

Exchange client for Linux?

Exchange should have POP3 and IMAP, unless they've figured out how to disable it.

"VMware!" -- someone in the room

Latest Red Hat -- can't do better than 640x480; suggestions?

XFree86 4.0 supports far fewer video cards than 3.3.6 does. That might be it.

netbsd prism2 wireless card with SMC 807.11?

Not sure what to do here.

Any suggestions for honey pots with bad attitudes?

Make the counter attack a delayed one. Use all the file descriptors on the errant box.

Small scale inbound 56K dialup w/BRI and Netserver 8I?

No real experience. Troy was looking at this a few years ago, but didn't pursue it.

Cloning Debian system: how to?

Need to look at apt-get man page for export option.

Best linux (or bsd) for ease-of-install on a notebook (8 Gb disk)?

Debian, says Paul.

"I already told you you're installing Red Hat on it."

Slackware 7.1 is nice.

Does becki sit in front of someone with an ink well?

No, but she does sit in front of Chris Polk.

Will you sign becki's Hash Bash petition?

Sure.

Jobs: Got 'em? Want 'em?

Talk to Troy if you got 'em. Danno says Pfeiser is looking.

Is Gigabit ethernet > 80Km?

Not that anyone knows of.


Presentation


Niels Provos talks about OpenSSH . . .

SSH Background

- Unencrypted Network Traffic
  - Password sniffing (tools available, e.g. dsniff)
  - Command insertion
- Security with Encryption
  - No deployable solution available in 1995 (SKIP and IPSEC in infancy)
- Key exchange with RSA encryption in SSHv1
  - Host keys need to be configured on client
  - Man-in-the-middle attacks: dsniff
- Confidentiality
  - Encryption with 3DES or Blowfish
- Integrity
  - No cryptographic message authentication
  - Insertion attacks possible

OpenSSH History

- OpenBSD wanted to include SSH in base system
  - ssh.com license more restrictive every year
- OSSH from Bjoern Groenvall
  - Based on ssh 1.2.12, last free release
- OpenSSH created by OpenBSD developers
  - Based on OSSH
  - Replaced all crypto and GPL components with free software, mostly OpenSSL
  - Roadtrips to Canada
  - Completely free source base
- Improvements
  - SSH v1.5 protocol support (Markus Friedl), backwards compatible with SSH v1.3
  - Kerberos authentication
  - s/key one-time password authentication
  - Bug fixes
- First release in 1999 with OpenBSD 2.6
- Further improvement
  - Portable version created by Damien Miller, Philip Hands, etc.
  - SSH2 protocol support (Markus Friedl!)

SSHv1 and SSHv2 Differences

- SSHv1 protocol has security weaknesses
  - Poorly designed key exchange
  - No strong integrity protection
- IETF SecSH WG formed to design protocol v2 (SSH name was taken by the Site Security Handbook WG)
- Key Exchange
  - Authenticated Diffie-Hellman
  - Authentication with DSA, now RSA, too
  - Key derivation for ciphers and MAC is sounder
- Cryptographic MAC (Message Authentication Code)
  - Message authentication with HMAC-SHA1
- Diffie-Hellman Group Exchange
  - Proposed by OpenSSH project to improve key exchange
  - Instead of using a fixed group, the server can send new groups to the client
- Flexible Extensions
  - Sub-systems can be configured very easily
  - sftp is a secure ftp client for SSHv2 that makes use of the subsystem feature
  - It is a replacement for scp, though OpenSSH also runs scp over SSHv2
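The integrity point above, as an added Python example that is not from the talk or from OpenSSH: SSHv1 protected packets with a CRC-32, which needs no key and changes predictably under a bit flip, while SSHv2 computes HMAC-SHA1 over a 32-bit packet sequence number followed by the packet. The key, payload and helper names are constructed for illustration, and the CRC part is simplified (it ignores SSHv1's encryption layer).

```python
import hashlib
import hmac
import struct
import zlib

def crc_after_xor(old_crc: int, delta: bytes) -> int:
    """Checksum of (packet XOR delta), computed without seeing the packet.

    CRC-32 is affine over GF(2): for equal-length inputs
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros). No key is involved.
    """
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def ssh2_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """SSHv2-style tag: HMAC-SHA1 over the sequence number plus the packet."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha1).digest()

def accept(key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    """Receiver-side check, using a constant-time comparison."""
    return hmac.compare_digest(ssh2_mac(key, seq, packet), tag)

def demo() -> dict:
    key = b"constructed-integrity-key"        # constructed sample values
    packet = b"constructed payload 0001"
    delta = bytes(10) + b"\x01" + bytes(len(packet) - 11)   # one flipped bit
    tampered = bytes(a ^ b for a, b in zip(packet, delta))

    tag = ssh2_mac(key, 7, packet)
    return {
        # The new CRC follows from the old CRC and the change alone.
        "crc_predictable":
            crc_after_xor(zlib.crc32(packet), delta) == zlib.crc32(tampered),
        "genuine_accepted": accept(key, 7, packet, tag),
        # A modified packet fails the keyed check.
        "tampered_accepted": accept(key, 7, tampered, tag),
        # The same packet and tag at another sequence number also fails.
        "replayed_accepted": accept(key, 8, packet, tag),
    }

if __name__ == "__main__":
    print(demo())
```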

Recent SSH Security Issues

- CORE-SDI deattack
  - Deattack prevents insertion attacks in the SSHv1 protocol
  - Heap overflow, remotely exploitable
  - Fixed in OpenSSH, four months before it was known to be exploitable
- Bleichenbacher RSA Oracle
  - Query a server to decrypt a session key
- Traffic Analysis
  - Initial login password length can be guessed
  - Single key strokes can be monitored
  - No echo means a user types a password

Scanning the Internet for SSH servers

This can be interesting (don't scan .mil sites; Oak Ridge wasn't too happy about it)

Scanning since September 2000

Scanning 2.4 million random addresses every two weeks

Scanning from various hosts

- The scanning creates back pressure
- Can only scan a few times from one location

Use of SSHv2 is growing, as is OpenSSH use (bigger share of "marketplace")
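The kind of tally behind the numbers above, as an added Python example (not ScanSSH's code): it parses SSH identification strings and counts how many servers still accept protocol 1, how many speak protocol 2, and how many run OpenSSH. The banners are constructed samples such as an inventory of your own hosts might return; a protocol version of 1.99 means the server speaks v2 and remains compatible with v1.

```python
import re
from collections import Counter

# SSH identification string: "SSH-<protoversion>-<softwareversion>[ <comments>]"
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

def classify(banner):
    """Return protocol support and implementation family, or None if not SSH."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):      # speaks v2, still accepts v1 clients
        v1, v2 = True, True
    elif major == 1:                   # 1.3 / 1.5: protocol 1 only
        v1, v2 = True, False
    elif major == 2:
        v1, v2 = False, True
    else:
        return None
    return {"v1": v1, "v2": v2,
            "openssh": software.lower().startswith("openssh")}

def summarize(banners):
    """Tally protocol and implementation counts over a list of banner lines."""
    counts = Counter(total=0, v1_enabled=0, v2_enabled=0, openssh=0, unparsed=0)
    for line in banners:
        info = classify(line)
        if info is None:
            counts["unparsed"] += 1    # some other service answered on the port
            continue
        counts["total"] += 1
        counts["v1_enabled"] += info["v1"]
        counts["v2_enabled"] += info["v2"]
        counts["openssh"] += info["openssh"]
    return counts

# Constructed sample banners (not scan results).
SAMPLE_BANNERS = [
    "SSH-1.5-1.2.27",
    "SSH-1.99-OpenSSH_2.5.2p2",
    "SSH-2.0-OpenSSH_2.5.1",
    "SSH-1.99-2.4.0 SSH Secure Shell (non-commercial)",
    "SSH-1.5-OpenSSH-1.2.3",
    "220 mail.example.test ESMTP",
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_BANNERS)))
```

Hosts counted under `v1_enabled` are the ones to reconfigure or upgrade, given the SSHv1 weaknesses listed earlier in the talk.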

Conclusion

- OpenSSH: http://www.openssh.com/
- ScanSSH: http://www.monkey.org/~provos/scanssh/
- People who have helped: Bob Beck, Aaron Campbell, Markus Friedl, Philip Hands, Damien Miller, Niels Provos, Theo de Raadt, Dug Song, Kevin Steves and many others


Rumor & Innuendo (No names, please)

Next OpenSSH will include https support.

"I used to really hate Ameritech, but now I have Verizon."

