Detecting man-in-the-middle attacks with IDS/IPS

Hi,
I have an AIP-SSM 20, IPS Version 7.0(6)E4.
Signature IDs 7101, 7102, 7104 and 7105 are used for detecting ARP poisoning attacks.
The sensor works as an IDS in promiscuous mode. All traffic is forwarded to the sensor.
I performed a man-in-the-middle attack with Cain & Abel, but the sensor doesn't send an alarm. I attach an image with the signatures.
Why doesn't the sensor detect the attack? The network is in the inside zone.
Can anybody help me, please?

Did you check if the SSM is getting those packets by running the "packet display .." command on the sensing interface? In the SSM, the ARP packets would not be forwarded by the ASA to the SSM.
thx
Madhu

Similar Messages

  • Trusted Man-in-the-Middle

    Hi,
    I'm trying to build a trusted man-in-the-middle with JSSE and HttpClient.
    My main objective is to implement a proxy in order to control flow over my server.
    Can anyone help me with references, examples, or any other thing?
    I'm new to both technologies, so any help is appreciated!
    Thanks in advance!
    Regards,
    Pedro Lemos

    chiralsoftware.net wrote:
    That one is pretty easy. Make an ordinary SSL connection to the proxy. This connection will be made by the browser itself.
    chiralsoftware.net wrote:
    Then have the proxy make an ordinary SSL connection on to the server.
    This one I need to do. I understand that.
    chiralsoftware.net wrote:
    Change the DNS records to treat the proxy as the server.
    When using JSSE, I need to change DNS?
    I'm new to JSSE, but haven't seen any mention of DNS changes...
    chiralsoftware.net wrote:
    Does that make sense? Is that the usage you're looking for?
    It does make sense, but not with JSSE usage, I think... correct me if I'm wrong.
    What I'm looking for is an implementation to do it within the JSSE framework.

  • Is FEP 2010 capable of securing computer against the man-in-the-middle attack?

    Hello
    Just would like to know if FEP 2010 is capable of preventing man-in-the-middle attacks on computers with it installed?
    Thanks

    It is not the job of FEP or any other anti-malware product to protect you against man-in-the-middle attacks, as that is not what anti-malware is designed for. However, some man-in-the-middle attacks are blocked by the Network Inspection System (NIS), which means that if FEP detects any malicious package on a network which matches a NIS signature, it will block it.
    The browser plays a very important role in blocking man-in-the-middle attacks; for example, if you use Internet Explorer, you have better protection against this type of attack. Take a look at:
    http://ie.microsoft.com/testdrive/Browser/MixedContent/Default.html

  • SSH Man-in-the-middle Attack

    I currently am living abroad and use ssh to tunnel back home to a couple of different networks and servers. Recently my ISP wired my building for a new high-speed line, however I suspect a rogue tech has wired a man-in-the-middle machine between me and the internet. Am I crazy?
    Now when I try to connect to any of my back home networks, I get the warning "The server's host key does not match the one cached in the registry ... the new rsa2 fingerprint is: "xx:xx:xx:xx:yadayada".
    This same "new" rsa2 fingerprint pops up regardless of the network I try to connect to. This alone is suspicious, because each network should have a unique fingerprint. Regardless, I double checked and confirmed it is not one of my valid host keys.
    I can connect without this warning as long as I am not at my home network, and the cached host keys are still valid.
    I am left to believe that there is a device (with fingerprint xx:xx:xx:xx:yadayada) sitting between my router's WAN and the ISP's router's LAN.
    Is my ISP trying to steal my passwords? Is there another logical explanation? If I do have a man-in-the-middle, how do I get him to go away? Can I bypass him?

    Below are (4) connections with *ssh -v -v -v*:
    The first two are connections to two remote hosts on a safe connection.
    The last two are connections to the same two on the connection in question.
    Note the last two give the man-in-the-middle warning, and share the SAME 'new' rsa fingerprint. I don't know why these would be the same unless there is a man in the middle.
    \\KNOWN SAFE CONNECTION - CONNECT TO REMOTE HOST #1
    My-Computer:root# ssh -p 1234 -c aes256-cbc -v -v -v [email protected]
    OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 1234.
    debug1: Connection established.
    debug1: permanentlysetuid: 0/0
    debug1: identity file /var/root/.ssh/identity type -1
    debug1: identity file /var/root/.ssh/id_rsa type -1
    debug1: identity file /var/root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
    debug1: match: OpenSSH_5.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.5
    debug2: fd 4 setting O_NONBLOCK
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes256-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes256-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<4096<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug2: dhgenkey: priv key bits set: 252/512
    debug2: bits set: 2066/4096
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug3: puthostport: [XX.XX.XX.XX]:1234
    debug3: puthostport: [XX.XX.XX.XX]:1234
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    debug3: checkhost_inhostfile: match line 4
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    debug3: checkhost_inhostfile: match line 4
    debug1: Host '[XX.XX.XX.XX]:1234' is known and matches the RSA host key.
    debug1: Found key in /var/root/.ssh/known_hosts:4
    debug2: bits set: 2051/4096
    debug1: sshrsaverify: signature correct
    debug2: kexderivekeys
    debug2: set_newkeys: mode 1
    debug1: SSH2MSGNEWKEYS sent
    debug1: expecting SSH2MSGNEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2MSGNEWKEYS received
    debug1: SSH2MSG_SERVICEREQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2MSG_SERVICEACCEPT received
    debug2: key: /var/root/.ssh/identity (0x0)
    debug2: key: /var/root/.ssh/id_rsa (0x0)
    debug2: key: /var/root/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethodisenabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethodisenabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: Miscellaneous failure
    No credentials cache found
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethodisenabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /var/root/.ssh/identity
    debug3: no such identity: /var/root/.ssh/identity
    debug1: Trying private key: /var/root/.ssh/id_rsa
    debug3: no such identity: /var/root/.ssh/id_rsa
    debug1: Trying private key: /var/root/.ssh/id_dsa
    debug3: no such identity: /var/root/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethodisenabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug2: inputuserauth_inforeq
    debug2: inputuserauth_inforeq: num_prompts 1
    Password:
    debug3: packet_send2: adding 16 (len 37 padlen 11 extra_pad 64)
    debug2: inputuserauth_inforeq
    debug2: inputuserauth_inforeq: num_prompts 0
    debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
    debug1: Authentication succeeded (keyboard-interactive).
    debug1: channel 0: new [client-session]
    debug3: sshsession2open: channel_new: 0
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: clientsession2setup: id 0
    debug2: channel 0: request pty-req confirm 0
    debug3: ttymakemodes: ospeed 9600
    debug3: ttymakemodes: ispeed 9600
    debug3: ttymakemodes: 1 3
    debug3: ttymakemodes: 2 28
    debug3: ttymakemodes: 3 127
    debug3: ttymakemodes: 4 21
    debug3: ttymakemodes: 5 4
    debug3: ttymakemodes: 6 255
    debug3: ttymakemodes: 7 255
    debug3: ttymakemodes: 8 17
    debug3: ttymakemodes: 9 19
    debug3: ttymakemodes: 10 26
    debug3: ttymakemodes: 11 25
    debug3: ttymakemodes: 12 18
    debug3: ttymakemodes: 13 23
    debug3: ttymakemodes: 14 22
    debug3: ttymakemodes: 17 20
    debug3: ttymakemodes: 18 15
    debug3: ttymakemodes: 30 0
    debug3: ttymakemodes: 31 0
    debug3: ttymakemodes: 32 0
    debug3: ttymakemodes: 33 0
    debug3: ttymakemodes: 34 0
    debug3: ttymakemodes: 35 0
    debug3: ttymakemodes: 36 1
    debug3: ttymakemodes: 38 1
    debug3: ttymakemodes: 39 1
    debug3: ttymakemodes: 40 0
    debug3: ttymakemodes: 41 1
    debug3: ttymakemodes: 50 1
    debug3: ttymakemodes: 51 1
    debug3: ttymakemodes: 53 1
    debug3: ttymakemodes: 54 1
    debug3: ttymakemodes: 55 0
    debug3: ttymakemodes: 56 0
    debug3: ttymakemodes: 57 0
    debug3: ttymakemodes: 58 0
    debug3: ttymakemodes: 59 1
    debug3: ttymakemodes: 60 1
    debug3: ttymakemodes: 61 1
    debug3: ttymakemodes: 62 1
    debug3: ttymakemodes: 70 1
    debug3: ttymakemodes: 72 1
    debug3: ttymakemodes: 73 0
    debug3: ttymakemodes: 74 0
    debug3: ttymakemodes: 75 0
    debug3: ttymakemodes: 90 1
    debug3: ttymakemodes: 91 1
    debug3: ttymakemodes: 92 0
    debug3: ttymakemodes: 93 0
    debug2: channel 0: request shell confirm 0
    debug2: fd 4 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 2097152
    Last login: Fri Nov 28 07:35:53 2008 from AA.AA.AA.AA.
    \\KNOWN SAFE CONNECTION - CONNECT TO REMOTE HOST #2
    My-Computer:root# ssh -p 1234 -c aes256-cbc -v -v -v [email protected]
    OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to YY.YY.YY.YY [YY.YY.YY.YY] port 1234.
    debug1: Connection established.
    debug1: permanentlysetuid: 0/0
    debug1: identity file /var/root/.ssh/identity type -1
    debug1: identity file /var/root/.ssh/id_rsa type -1
    debug1: identity file /var/root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
    debug1: match: OpenSSH_4.7 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.5
    debug2: fd 4 setting O_NONBLOCK
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes256-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes256-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<4096<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug2: dhgenkey: priv key bits set: 267/512
    debug2: bits set: 2065/4096
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug3: puthostport: [YY.YY.YY.YY]:1234
    debug3: puthostport: [YY.YY.YY.YY]:1234
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    debug3: checkhost_inhostfile: match line 5
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    debug3: checkhost_inhostfile: match line 5
    debug1: Host '[YY.YY.YY.YY]:1234' is known and matches the RSA host key.
    debug1: Found key in /var/root/.ssh/known_hosts:5
    debug2: bits set: 2052/4096
    debug1: sshrsaverify: signature correct
    debug2: kexderivekeys
    debug2: set_newkeys: mode 1
    debug1: SSH2MSGNEWKEYS sent
    debug1: expecting SSH2MSGNEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2MSGNEWKEYS received
    debug1: SSH2MSG_SERVICEREQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2MSG_SERVICEACCEPT received
    debug2: key: /var/root/.ssh/identity (0x0)
    debug2: key: /var/root/.ssh/id_rsa (0x0)
    debug2: key: /var/root/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethodisenabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /var/root/.ssh/identity
    debug3: no such identity: /var/root/.ssh/identity
    debug1: Trying private key: /var/root/.ssh/id_rsa
    debug3: no such identity: /var/root/.ssh/id_rsa
    debug1: Trying private key: /var/root/.ssh/id_dsa
    debug3: no such identity: /var/root/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethodisenabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug2: inputuserauth_inforeq
    debug2: inputuserauth_inforeq: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)
    debug2: inputuserauth_inforeq
    debug2: inputuserauth_inforeq: num_prompts 0
    debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
    debug1: Authentication succeeded (keyboard-interactive).
    debug1: channel 0: new [client-session]
    debug3: sshsession2open: channel_new: 0
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: clientsession2setup: id 0
    debug2: channel 0: request pty-req confirm 0
    debug3: ttymakemodes: ospeed 9600
    debug3: ttymakemodes: ispeed 9600
    debug3: ttymakemodes: 1 3
    debug3: ttymakemodes: 2 28
    debug3: ttymakemodes: 3 127
    debug3: ttymakemodes: 4 21
    debug3: ttymakemodes: 5 4
    debug3: ttymakemodes: 6 255
    debug3: ttymakemodes: 7 255
    debug3: ttymakemodes: 8 17
    debug3: ttymakemodes: 9 19
    debug3: ttymakemodes: 10 26
    debug3: ttymakemodes: 11 25
    debug3: ttymakemodes: 12 18
    debug3: ttymakemodes: 13 23
    debug3: ttymakemodes: 14 22
    debug3: ttymakemodes: 17 20
    debug3: ttymakemodes: 18 15
    debug3: ttymakemodes: 30 0
    debug3: ttymakemodes: 31 0
    debug3: ttymakemodes: 32 0
    debug3: ttymakemodes: 33 0
    debug3: ttymakemodes: 34 0
    debug3: ttymakemodes: 35 0
    debug3: ttymakemodes: 36 1
    debug3: ttymakemodes: 38 1
    debug3: ttymakemodes: 39 1
    debug3: ttymakemodes: 40 0
    debug3: ttymakemodes: 41 1
    debug3: ttymakemodes: 50 1
    debug3: ttymakemodes: 51 1
    debug3: ttymakemodes: 53 1
    debug3: ttymakemodes: 54 1
    debug3: ttymakemodes: 55 0
    debug3: ttymakemodes: 56 0
    debug3: ttymakemodes: 57 0
    debug3: ttymakemodes: 58 0
    debug3: ttymakemodes: 59 1
    debug3: ttymakemodes: 60 1
    debug3: ttymakemodes: 61 1
    debug3: ttymakemodes: 62 1
    debug3: ttymakemodes: 70 1
    debug3: ttymakemodes: 72 1
    debug3: ttymakemodes: 73 0
    debug3: ttymakemodes: 74 0
    debug3: ttymakemodes: 75 0
    debug3: ttymakemodes: 90 1
    debug3: ttymakemodes: 91 1
    debug3: ttymakemodes: 92 0
    debug3: ttymakemodes: 93 0
    debug2: channel 0: request shell confirm 0
    debug2: fd 4 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 2097152
    Last login: Fri Nov 28 07:42:20 2008 from AA.AA.AA.AA
    \\ MAN-IN-THE-MIDDLE - CONNECT TO REMOTE HOST #1
    My-Computer:root# ssh -p 1234 -c aes256-cbc -v -v -v [email protected]
    OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 1234.
    debug1: Connection established.
    debug1: permanentlysetuid: 0/0
    debug1: identity file /var/root/.ssh/identity type -1
    debug1: identity file /var/root/.ssh/id_rsa type -1
    debug1: identity file /var/root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
    debug1: match: OpenSSH_4.7 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.5
    debug2: fd 4 setting O_NONBLOCK
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes256-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes256-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<4096<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug2: dhgenkey: priv key bits set: 258/512
    debug2: bits set: 2023/4096
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug3: puthostport: [XX.XX.XX.XX]:1234
    debug3: puthostport: [XX.XX.XX.XX]:1234
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    60:c2:3a:(edited):94:8b:d7.
    Please contact your system administrator.
    Add correct host key in /var/root/.ssh/known_hosts to get rid of this message.
    Offending key in /var/root/.ssh/known_hosts:4
    RSA host key for [XX.XX.XX.XX]:1234 has changed and you have requested strict checking.
    Host key verification failed.
    \\ MAN-IN-THE-MIDDLE - CONNECT TO REMOTE HOST #2
    My-Computer:root# ssh -p 1234 -c aes256-cbc -v -v -v [email protected]
    OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to YY.YY.YY.YY [YY.YY.YY.YY] port 1234.
    debug1: Connection established.
    debug1: permanentlysetuid: 0/0
    debug1: identity file /var/root/.ssh/identity type -1
    debug1: identity file /var/root/.ssh/id_rsa type -1
    debug1: identity file /var/root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
    debug1: match: OpenSSH_4.7 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.5
    debug2: fd 4 setting O_NONBLOCK
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: Miscellaneous failure
    No credentials cache found
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: aes256-cbc
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit: none,[email protected],zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected] m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit: none,[email protected]
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes256-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes256-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(1024<4096<8192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug2: dhgenkey: priv key bits set: 276/512
    debug2: bits set: 1982/4096
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug3: puthostport: [YY.YY.YY.YY]:1234
    debug3: puthostport: [YY.YY.YY.YY]:1234
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    debug3: checkhost_inhostfile: filename /var/root/.ssh/known_hosts
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    60:c2:3a:(edited):94:8b:d7.
    Please contact your system administrator.
    Add correct host key in /var/root/.ssh/known_hosts to get rid of this message.
    Offending key in /var/root/.ssh/known_hosts:5
    RSA host key for [YY.YY.YY.YY]:1234 has changed and you have requested strict checking.
    Host key verification failed.
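
The check the poster did by eye (two unrelated hosts suddenly offering the same changed RSA key) can be automated. This is an added example, not part of the original post: it parses known_hosts entries, computes the colon-separated MD5 fingerprint format printed in the warning above, and flags any changed key that is presented for more than one host. The host addresses and key blobs are constructed for the example, and hashed known_hosts entries are skipped.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def mpint(n: int) -> bytes:
    """SSH 'mpint' for a positive integer (leading zero byte when the top bit is set)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def rsa_blob(e: int, n: int) -> bytes:
    """Public key blob as carried in known_hosts: 'ssh-rsa', exponent, modulus."""
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)


def md5_fingerprint(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: MD5 of the key blob as colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> pinned key blob. Skips comments, @markers and hashed names."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, b64 = fields[:3]
        for host in hosts.split(","):
            pinned[(host, keytype)] = base64.b64decode(b64)
    return pinned


def assess(pinned: dict, observed: list):
    """observed: (host, keytype, blob) tuples as offered on the network under test.

    Returns per-host findings plus a map of changed fingerprints that were
    offered for more than one host. A genuine re-key gives each server its own
    new key, so one changed key answering for several hosts points at a single
    device terminating SSH in the path.
    """
    findings = []
    hosts_by_changed_fp = defaultdict(set)
    for host, keytype, blob in observed:
        expected = pinned.get((host, keytype))
        fp = md5_fingerprint(blob)
        if expected is None:
            status = "unknown-host"
        elif expected == blob:
            status = "match"
        else:
            status = "changed"
            hosts_by_changed_fp[fp].add(host)
        findings.append({"host": host, "fingerprint": fp, "status": status})
    shared = {fp: sorted(h) for fp, h in hosts_by_changed_fp.items() if len(h) > 1}
    return findings, shared


# Constructed sample data (documentation addresses, made-up toy moduli).
HOST_1 = "[192.0.2.10]:1234"
HOST_2 = "[198.51.100.20]:1234"
REAL_1 = rsa_blob(65537, 0xC0FFEE0000000000000000000000000000000001)
REAL_2 = rsa_blob(65537, 0xBADC0DE000000000000000000000000000000003)
ON_PATH = rsa_blob(65537, 0xDEADBEEF00000000000000000000000000000007)

KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts file",
    f"{HOST_1} ssh-rsa {base64.b64encode(REAL_1).decode()}",
    f"{HOST_2} ssh-rsa {base64.b64encode(REAL_2).decode()}",
])


def demo():
    pinned = parse_known_hosts(KNOWN_HOSTS)
    safe = assess(pinned, [(HOST_1, "ssh-rsa", REAL_1), (HOST_2, "ssh-rsa", REAL_2)])
    suspect = assess(pinned, [(HOST_1, "ssh-rsa", ON_PATH), (HOST_2, "ssh-rsa", ON_PATH)])
    return safe, suspect


if __name__ == "__main__":
    for label, (findings, shared) in zip(("safe", "suspect"), demo()):
        print(label, [(f["host"], f["status"]) for f in findings], shared)
```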

  • Diffie-Hellman Algorithm and Man-in-the-middle attack

    From the RSA Security site, it says that Diffie-Hellman Algorithm
    is susceptible to the Man-in-the-middle attack, because there
    is no mechanism to prove the authenticity of the public keys
    being exchanged.
    Is it true then, the only way to protect against this,
    is the use of a signed certificate?

    Or rather, the only way to protect against
    the attack is to authenticate before generating the
    DH secret key.
    Signed certificates are one way of authenticating;
    userid/password, hardware token, biometrics are others.
    I guess you could use any of these after looking at
    trade-offs between security/usability.
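
The point made in this thread, as an added example that is not part of the original posts: with unauthenticated Diffie-Hellman an on-path party that swaps the public values ends up sharing a key with each side, while authenticating the public values before deriving the secret makes both sides abort. The example assumes a pre-shared secret used as an HMAC key (one of several possible authentication methods) and a toy 127-bit prime chosen only to keep the numbers small.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy Mersenne prime for illustration; far too small for real use
G = 3


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv: int, peer_pub: int) -> bytes:
    """Hash of the DH shared secret peer_pub^priv mod P."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def tag(auth_key: bytes, sender: bytes, pub: int) -> bytes:
    """HMAC over sender name and public value; the name stops a tag being reflected back."""
    return hmac.new(auth_key, sender + b"|" + pub.to_bytes(16, "big"), hashlib.sha256).digest()


def unauthenticated(on_path: bool) -> dict:
    """Plain DH. With on_path=True, both public values are replaced in transit."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not on_path:
        return {"a": session_key(a_priv, b_pub), "b": session_key(b_priv, a_pub)}
    m_priv, m_pub = keypair()
    return {
        "a": session_key(a_priv, m_pub),         # A believes this key is shared with B
        "b": session_key(b_priv, m_pub),         # B believes this key is shared with A
        "m_with_a": session_key(m_priv, a_pub),  # the on-path party holds both keys
        "m_with_b": session_key(m_priv, b_pub),
    }


def authenticated(auth_key: bytes, on_path: bool):
    """DH where each public value carries a tag that is verified BEFORE key derivation."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    from_a = (a_pub, tag(auth_key, b"A", a_pub))
    from_b = (b_pub, tag(auth_key, b"B", b_pub))
    if on_path:
        m_pub = a_pub
        while m_pub in (a_pub, b_pub):
            _, m_pub = keypair()
        # Without auth_key the on-path party cannot produce a tag for its own value,
        # so the best it can do is forward the original tags.
        from_a = (m_pub, from_a[1])
        from_b = (m_pub, from_b[1])
    pub_seen_by_a, tag_seen_by_a = from_b
    if not hmac.compare_digest(tag_seen_by_a, tag(auth_key, b"B", pub_seen_by_a)):
        return "aborted: A rejected the value claimed to come from B", None
    pub_seen_by_b, tag_seen_by_b = from_a
    if not hmac.compare_digest(tag_seen_by_b, tag(auth_key, b"A", pub_seen_by_b)):
        return "aborted: B rejected the value claimed to come from A", None
    key_a = session_key(a_priv, pub_seen_by_a)
    key_b = session_key(b_priv, pub_seen_by_b)
    return ("established" if key_a == key_b else "mismatch"), key_a


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # stands in for the pre-shared authentication secret
    plain = unauthenticated(on_path=True)
    print("on-path party holds A's key:", plain["a"] == plain["m_with_a"])
    print("on-path party holds B's key:", plain["b"] == plain["m_with_b"])
    print("authenticated, clean path  :", authenticated(shared, on_path=False)[0])
    print("authenticated, swapped keys:", authenticated(shared, on_path=True)[0])
```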

  • Man in the middle attack!@#$%^&*(?)

    This popped up when I tried to ssh my iMac from my MacBook Pro through our home network:
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa.
    Please contact your system administrator.
    Add correct host key in /Users/Xelapond/.ssh/known_hosts to get rid of this message.
    Offending key in /Users/Xelapond/.ssh/known_hosts:1
    RSA host key for aaa.aaa.a.a has changed and you have requested strict checking.
    Host key verification failed.
    What do I do?
    Xelapond

    tele_player,
    A lot of ISPs do so in order to create a revenue stream for fixed IP addresses. They rotate addresses so subscribers won't run Web, mail, ftp, etc. servers without paying for the bandwidth use.
    -Wayne

  • OpenSSL SSL/TLS Man-In-The-Middle Injection Attack CVE-2014-0224

    Can someone help me to fix the OpenSSL issue CVE-2014-0224 on Windows Server 2008 R2? Please advise.

    Hi,
    From the description on the OpenSSL site, it is fixed in newer versions, so could you update to the new version?
    https://www.openssl.org/news/vulnerabilities.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    CVE-2014-0224: 5th June 2014
    An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. (original advisory).
    Reported by KIKUCHI Masashi (Lepidum Co. Ltd.).
    Fixed in OpenSSL 1.0.1h (Affected 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
    Fixed in OpenSSL 1.0.0m (Affected 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0)
    Fixed in OpenSSL 0.9.8za (Affected 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8e, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)
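An added example (not from the OpenSSL advisory or the reply above): a version check built from the three "Fixed in" lines quoted in this thread, for sorting an inventory of `openssl version` strings into affected and fixed. The host names and inventory are constructed, and treating every earlier release on a listed branch as affected is an assumption taken from those "Fixed in" thresholds.

```python
import re

# "Fixed in" releases quoted in the advisory text above, keyed by branch.
FIXED_IN = {(1, 0, 1): "h", (1, 0, 0): "m", (0, 9, 8): "za"}

# Old-style OpenSSL versions: major.minor.fix plus up to two patch letters.
# The lookahead rejects strings such as "1.0.1beta1" instead of misreading them.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z0-9])")


def parse_version(text):
    """Return ((major, minor, fix), letters) from a version or banner string."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % text)
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def patch_key(letters):
    # Patch letters run '', a..z, then za, zb, ...: compare length first.
    return (len(letters), letters)


def cve_2014_0224_status(text):
    """Classify one version string against the thresholds quoted above."""
    branch, letters = parse_version(text)
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return "branch-not-listed"  # the quoted text says nothing about it
    return "fixed" if patch_key(letters) >= patch_key(fixed) else "affected"


def audit(inventory):
    """Map host -> status; unparseable strings are flagged, never skipped."""
    report = {}
    for host, banner in inventory.items():
        try:
            report[host] = cve_2014_0224_status(banner)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed inventory: host names and banners are sample data.
SAMPLE = {
    "web01": "OpenSSL 1.0.1g 7 Apr 2014", "web02": "OpenSSL 1.0.1h 5 Jun 2014",
    "legacy01": "0.9.8y", "legacy02": "0.9.8za", "app01": "1.0.0m",
    "app02": "1.0.1e-fips", "dev01": "1.0.1beta1",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Vendor builds that backport fixes keep the old version string, so an "affected" result for such a build needs the vendor's own advisory to confirm.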

  • SSL and Man-in-the-Middle

    Ok guys,
    First, I'm not up on security issues. I had a security expert look over
    weblogic and SSL. He said that SSL was NOT a good protocol. It is what we
    are stuck with. He demonstrated in a matter of about 30 minutes a technique
    he called Man-In-The-Middle attack and was intercepting SSL traffic between
    the outside world and Weblogic SSL.
    Now the question. Is there any way to detect this or stop it from happening?
    Weblogic never detected a security breach. I saw this demonstrated and know
    it can be done. How do you prevent this? Should there be a way for Weblogic
    SSL to detect if someone is doing this?
    Thanks,
    Mica Cooper

    An SSL man in the middle attack is possible if:
    1) The attacker manages to obtain your private key. Good server security
    should minimize the chances of this happening.
    2) The attacker can insert their own CA certificate into the browser and use
    this certificate to sign their own server certificate. This is tricky and
    can only be done if the attacker has some sort of access to the machine(s) on
    which the client browsers run.
    3) The attacker manages to get a certificate from a CA your browser trusts
    and that certificate contains the common name of your server. This one
    basically requires the CAs to misuse their keys. Hopefully this doesn't happen.
    4) The attacker uses their own server certificate and the user blindly
    clicks through the warnings the browser provides. There is nothing really
    that can be done to stop this one. If the user wants to ignore the warnings
    their browser pops up then that's their problem. Of course there are
    browsers out there that won't display any warnings (I'd say people shouldn't
    be using such browsers but then the vast majority of internet users don't
    have the security education or experience to make decisions like that
    themselves).
    "Mica Cooper" <[email protected]> wrote in message
    news:[email protected]...
    Tolu,
    No, he didn't break it. He acted as the middleman. The server thought he was
    the client and the client thought he was the server. He just sat in the
    middle and swapped all the keys, then collected all the data. He had a piece
    of software commonly available on the net for doing this.
    Mica Cooper
    "Tolu Agbeja" <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    do you mean he was able to break the key exchange protocol?
    An SSL session involves a handshaking period during which, based on a key exchange protocol, a pair of asymmetric keys is used to negotiate a symmetric
    key that will be used to encrypt data exchanged within that particular
    session.
    This is an interesting issue and I think it will serve the community
    well
    if you asked your security expert to let us know what he/she actually did.

  • Microsoft Windows Remote Desktop Protocol Server Man in the Middle Weakness

    Dear All
    I got a report from the security team that I have this weakness on several servers in my domain. What do I have to do here?
    Thanks

    The short answer:
    Mutual Authentication
    Depending on your environment, there are going to be different paths in order to achieve this goal.
    If you're running a Win 2003 domain, this should help:
    How to configure a Windows Server 2003 terminal server to use TLS for server authentication
    http://support.microsoft.com/kb/895433
    Or if you're running a Win 2008 domain, this provides some good info:
    Configuring Terminal Servers for Server Authentication to Prevent “Man in the Middle” Attacks
    http://blogs.msdn.com/b/rds/archive/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks.aspx

  • Man in the middle

    Guys, what's the best defense against man-in-the-middle attacks
    for client-server apps?

    What normally prevents a man-in-the-middle attack is a certificate authority such as Verisign. Verisign acts as the trusted third party in an exchange. They certify that the public key you receive was transmitted by the proper sender.
    As an aside, you also have to worry about replay attacks. These can easily be stopped by embedding a timestamp in the encrypted message payload.
    - Saish
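An added example (not part of Saish's reply): a receiver that enforces the timestamp check described above and also goes one step further by remembering nonces, since a timestamp alone still accepts a copy replayed inside the freshness window. It protects the timestamp with an HMAC rather than encryption because the Python standard library has no cipher; the key, the 30-second window and all names are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

KEY = b"constructed-demo-key"  # assumption: key already shared by both sides
MAX_SKEW = 30                  # assumed policy: seconds a message stays valid


def seal(body, now=None):
    """Sender: bind a timestamp and a random nonce to the body under one MAC."""
    fields = {"ts": int(time.time() if now is None else now),
              "nonce": os.urandom(16).hex(), "body": body}
    payload = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return payload, tag


class Receiver:
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, payload, tag, now=None):
        now = time.time() if now is None else now
        expected = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
        # Verify the MAC first so a forged timestamp is never trusted.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad MAC"
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"
        # Forget nonces the timestamp check alone would now reject.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return "rejected: replay inside window"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    rx = Receiver()
    payload, tag = seal("transfer 10")  # constructed message
    print(rx.accept(payload, tag))      # first delivery
    print(rx.accept(payload, tag))      # captured copy sent again
```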

  • I bought my 6 plus last night decided to upgrade the IOS 8 like they suggest and now all I see is a white screen with the apple sign in the middle with an occasional flashing red screen. Did my new phone seriously just crash? What do I do now?

    I bought my 6 plus last night decided to upgrade the IOS 8 like they suggest and now all I see is a white screen with the apple sign in the middle with an occasional flashing red screen. Did my new phone seriously just crash? What do I do now? I left it overnight with the white screen, thinking maybe it'll go away and needs time to upgrade. Woke up this morning, nope still white screen. Very disappointed with Apple. I was so excited to get my phone and can't even use it right now.

    First turn the iPhone off and back on and see if it works.  If that doesn't work then do a Reset by holding the Sleep / Wake Button (The Power Button) and the Home Button at the same time until the white Apple Logo appears, then release both Buttons and wait until a Full Reset occurs.  The iPhone 6 should come back to your Lock-Screen.  If that doesn't work then you could connect the iPhone 6 via the Lightning Cable to a Computer with a Current Version of iTunes.  Then open iTunes on the Computer and wait until you see a Button that represents your attached iPhone and click on it.  This should bring up a Summary Screen on the Computer within iTunes.  At that point you can choose Update Software if an Update is available or Restore the iPhone to Factory Settings / New In The Box, or you could try to Restore from your Backup if a current Backup had already been saved from a previous iPhone.
    If you don't have a computer with iTunes and you can get the iPhone back on, then go to Settings>General>Software Update and see if the iPhone is still on iOS 8.0 or if it is now on iOS 8.0.2

  • SQL Injection detection with IDS/IPS on cisco ASA?

    Hi
    Is it possible to detect or prevent SQL injection attacks using Cisco IDS/ IPS on ASA or with regular expressions?
    Is there any signature available in IDS/IPS for this? And how effective is it in terms of generating correct alarms?
    Thanks in advance

    Deepak,
    We have several signatures that detect generic SQL injection attacks in the 5930-x family of signatures.

  • My mac is coming up with a white page with a picture of a file in the middle with a ? mark in and keeps flashing nothing will work ?

    Hi
    My daughter has an Apple Mac laptop.  It is coming up with a white page with a file picture with a ? mark in the middle of it.  It keeps flashing.  Nothing will work now and we can't seem to work it out.  Does anyone have any answers?

    That folder with the question mark icon means that the MacBook can't find the boot directory. That can either mean it can't find the hard drive or the Operating System data on the hard drive is somehow corrupted.
    Put your install DVD into the optical drive and reboot. As soon as you hear the boot chime, hold down the "c" key on your keyboard (or the Option key until the Install Disk shows up). That will force your MacBook to boot from the install DVD in the optical drive.
    When it does start up, you'll see a panel asking you to choose your language. Just press the Return key on your keyboard once. It will then present you with an Installation window. Completely ignore this window and click on Utilities in the top menu and scroll down to Disk Utility and click it. When it comes up is your Hard Drive in the list on the left?
    If it is then click on the Mac OS partition of your hard drive in the left hand list. Then select the First Aid Tab and run Repair Disk. The Repair Disk button won't be available until you've clicked on the Mac OS partition on your hard drive. If that repairs any problems run it again until the green OK appears and then run Repair Permissions.
    If your hard drive isn’t recognized in Disk Utility then your hard drive is probably dead.

  • STUCK on white screen with battery icon in the middle with RED LIGHT

    I have a BB Curve 8900 and my BB shut down by itself yesterday and it won't start again!
    So I charged it. The red LED starts to show, and a white screen with a battery icon in the middle that looks like an empty battery, and it is stuck on it. Sometimes it keeps spinning over and over again until it becomes a black screen, then it starts again from the beginning!
    I tried the hard boot by taking the battery out for some time and reinstalling it, but it didn't work. I even tried putting in a different battery (a friend's battery) but still no joy.
    And the main catch is, if I try taking out the battery and plug in the charger or connect it to the laptop, it does the same thing without even any battery in it.
    So is it really a battery problem or an OS problem? (If it's an OS problem, can I install it myself at home?)
    Waiting for the reply
    Thanks
    Jasdeep Jolly

    jasdeep_jolly wrote:
    if it does not boot then..??
    Well, you need to do as suggested first.
    Then, if not: If your BlackBerry stays powered off with a black screen, follow the instructions below. The only indication of life might be the blinking red LED light in the top corner. Nothing seems to wake it up and Desktop Manager doesn't recognize any device is connected.
    1) Make sure you have Blackberry Desktop Manager installed.
    http://na.blackberry.com/eng/services/desktop/
    2) On your PC, go to Start > Run and copy and paste the following line exactly (meaning with the quotation marks):
    "c:\program files\common files\research in motion\apploader\loader.exe" /nojvm
    3) The Application Loader Wizard will appear -- click "Next."
    4) In the "Connection:" drop-down menu, you should see "USB-PIN: UNKNOWN". Click the "Next" button.
    5) You should then see a list of applications ready to be installed for your Blackberry. Hit Next and Finish and you are well on your way to getting your Blackberry back to life. Congrats! Just don't disconnect anything and let the lengthy process finish completely.
    NOTE: If you do not see a list of applications mentioned in step 5 and instead see the message "The Blackberry Desktop Software does not have Blackberry Device Software for the device that you have connected to the computer. Contact your wireless service provider or system administrator," then you must download Blackberry's Operating System for your carrier and device.
    http://www.blackberryfaq.com/index.php/BlackBerry_Operating_System_Downloads
    Just select the appropriate carrier and network type, select your Blackberry model from the list and download the latest version. Install this download and follow the above steps again and you should be on the right path.

  • Create a crosstab with hierarchy in the middle with SDK

    Here is how our crosstab looks like:
    <Hierarchy>      | <measure1> | <measure2> | <measure3>
    -----------------|------------|------------|-----------
    Level 1          |        254 |        212 |         22
      Level 1.1      |        200 |        111 |         14
        Level 1.1.1  |         54 |        101 |          8
    Level 2          |         13 |          0 |          0
    This is our requirement:
    <measure1> | <measure2> | <Hierarchy>      | <measure3>
    -----------|------------|------------------|-----------
           254 |        212 | Level 1          |         22
           200 |        111 |   Level 1.1      |         14
            54 |        101 |     Level 1.1.1  |          8
            13 |          0 | Level 2          |          0
    Is this possible (with SDK)?

    That's possible, check the simplecrosstab demo of the SDK (renderTable function).
    You have to look up whether the dimension has members with hierarchy nodes and levels, then render it the way you want.
