Reply to post: Wireshark is my shell...

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

Brian Miller

Wireshark is my shell...

OK, the way that it works is that first of all you have to monitor ALL of the traffic from the server. That's the first (unlikely) step.

The SSH connection will go through some connection packets, trying some authentication schemes first, and finally fall back to waiting on client-side user input. The user input is sent one character in a packet at a time to the other server, so it's easy to spot. Then there comes a big blast from the server, with your message-of-the-day, etc. And then the user types a command, etc. So yeah, the password is easy to spot. And you will know the timing of the user's key stokes.

What the researchers are getting at is because the network card is so efficient, it's like they are monitoring the sound of the keystrokes on the user's own keyboard. And then you are screwed just based on the timing of your typing.

So be spastic. Make mistakes. Pause ... like William Shatner for ... no apparent ... reason.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019