There are several methods of breaking into UNIX (and Linux) systems. Most of them are based on either pretending to be someone else or capturing authentication data on the network. SSH does not trust anything that comes through the network. An attacker on the network can only cause SSH to disconnect; they cannot take over a session or capture passwords. Here are some of the attacks that SSH protects against (from the SSH FAQ):
• IP spoofing— Where a remote host sends out packets which pretend to come from another, trusted host. SSH even protects against a spoofer on the local network, which can pretend it is your router to the outside.
• IP source routing— Where a host can pretend that an IP packet comes from another, trusted host.
• DNS spoofing— Where an attacker forges name server records.
• Packet sniffing— Interception of clear-text passwords and other data by intermediate hosts.
• Man in the middle— Manipulation of data by people in control of intermediate hosts.
• X11 spoofing— Attacks based on listening to X-Windows authentication data and spoofed connections to the X11 server.
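SSH's resistance to the IP spoofing, DNS spoofing and man-in-the-middle attacks listed above rests on checking the server's public host key against a locally stored copy rather than trusting an address or a name. The sketch below is an added example, not code from the SSH FAQ or from any SSH implementation; the function names, host names and key bytes are constructed for illustration, and it handles only plain (unhashed) `known_hosts` entries.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Return 'match', 'mismatch' or 'unknown' for the key a server presented."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # skip comments, markers and hashed entries (not handled here)
        hosts, ktype, b64 = fields[:3]
        if host not in hosts.split(",") or ktype != key_type:
            continue
        seen_host = True
        if base64.b64decode(b64) == blob:
            return "match"
    # A stored key exists for this name but differs: the peer may be an impostor.
    return "mismatch" if seen_host else "unknown"

# Constructed sample data: two fake ed25519 public key blobs (not real keys).
GENUINE = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
IMPOSTOR = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32, 64)))
KNOWN_HOSTS = (
    "# constructed known_hosts content\n"
    "gateway.example,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(GENUINE).decode() + "\n"
)

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        verdict = check_host_key(KNOWN_HOSTS, "gateway.example", "ssh-ed25519", blob)
        print(label, fingerprint(blob), verdict)
```

A host that answers at the right name or address but presents a different key yields `mismatch`, which is the condition under which a client should drop the connection instead of sending credentials.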