I am reaching out to explore a potential similarity I noticed in packet handling between SSH-MITM and the Terrapin Attack, as highlighted in the discussion of Pull Request #163 on the SSH-MITM repository.
It appears that both methods involve discarding certain packets during the SSH key exchange process.
In SSH-MITM, packets are discarded during kex-init:
ssh-mitm/sshmitm/workarounds/transport.py, lines 178 to 188 in 4fc3ef4:

```python
if ptype not in self._expected_packet:
    if ptype == 30:  # 30 is SSH_MSG_KEXDH_INIT, the guessed first kex packet (RFC 4253)
        # according to rfc 4253, the next packet should be ignored,
        # when first_kex_packet_follows is True
        # this is a workaround at the moment, but connection works
        continue
    raise SSHException(
        "Expecting packet from {!r}, got {:d}".format(
            self._expected_packet, ptype
        )
    )  # noqa
```
According to the Terrapin Attack website, packet discarding is a crucial aspect of their methodology.
The packet handling techniques used in SSH-MITM, as seen in the GitHub blame for sshmitm/workarounds/transport.py, were implemented 1-2 years ago. This timeline suggests a noteworthy context: both SSH-MITM and the Terrapin Attack utilize similar methods for manipulating SSH packets. This parallel raises intriguing questions about the Terrapin Attack's exploitability and security implications. The pre-existing nature of these techniques in SSH-MITM might warrant a reevaluation of the Terrapin Attack's impact on SSH security.
I would like to respectfully request the SSH-MITM developers to conduct an evaluation of the Terrapin Attack. This evaluation would greatly benefit the cybersecurity community by clarifying the differences and similarities between SSH-MITM's techniques and those used in the Terrapin Attack. Understanding these nuances is crucial for assessing the relevance and impact of such attacks on both current and future Man-in-the-Middle (MitM) vulnerabilities.
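As an added illustration (not code from SSH-MITM, OpenSSH or the Terrapin authors), the following constructed Python model of the receive side of an SSH handshake contrasts the RFC 4253 guess-mismatch discard quoted above with the lenient handling of unauthenticated messages before NEWKEYS, and with the strict-kex countermeasure OpenSSH ships against Terrapin. Message numbers are those of RFC 4253; the packet streams, the `Receiver` class and `run_handshake` are assumptions made for the example.

```python
from dataclasses import dataclass, field

MSG_IGNORE, MSG_KEXINIT, MSG_NEWKEYS, MSG_KEXDH_INIT, MSG_KEXDH_REPLY = 2, 20, 21, 30, 31
KEX_MSGS = {MSG_KEXINIT, MSG_NEWKEYS, MSG_KEXDH_INIT, MSG_KEXDH_REPLY}

class SSHHandshakeError(Exception):
    """Raised when a strict-kex receiver terminates the connection."""

@dataclass
class Receiver:
    """Receive side of one SSH endpoint during the initial key exchange (hypothetical model)."""
    strict_kex: bool                # models OpenSSH kex-strict-*-v00@openssh.com behaviour
    guess_wrong: bool = False       # peer set first_kex_packet_follows and guessed wrong
    recv_seq: int = 0               # RFC 4253 sequence number, an implicit MAC input
    discarded: list = field(default_factory=list)

    def handle(self, ptype: int) -> str:
        # Every packet read advances the sequence number, acted on or not (RFC 4253 s6.4).
        self.recv_seq += 1
        if self.strict_kex and ptype not in KEX_MSGS:
            # Strict kex: a non-kex message before NEWKEYS ends the connection.
            raise SSHHandshakeError(f"unexpected packet type {ptype} during kex")
        if ptype == MSG_KEXDH_INIT and self.guess_wrong:
            # RFC 4253 section 7.1: a wrongly guessed first kex packet is ignored.
            # This is the discard SSH-MITM performs; both ends still counted it.
            self.guess_wrong = False
            self.discarded.append(ptype)
            return "ignored-guess"
        if ptype == MSG_IGNORE:
            # Lenient behaviour: consumed without effect, yet recv_seq advanced.
            # That counter gap is what the Terrapin attack relies on.
            return "ignored"
        if ptype == MSG_NEWKEYS and self.strict_kex:
            # Strict kex resets the counter at NEWKEYS, so earlier manipulation cannot carry over.
            self.recv_seq = 0
        return "processed"

def run_handshake(stream, strict_kex, guess_wrong=False):
    """Feed a received packet-type stream to one Receiver and report the outcome."""
    r = Receiver(strict_kex=strict_kex, guess_wrong=guess_wrong)
    try:
        results = [r.handle(p) for p in stream]
    except SSHHandshakeError as e:
        return {"ok": False, "error": str(e), "recv_seq": r.recv_seq}
    return {"ok": True, "results": results, "recv_seq": r.recv_seq, "discarded": r.discarded}

# Constructed server-side streams: a wrong kex guess, and an SSH_MSG_IGNORE before NEWKEYS.
GUESS_STREAM = [MSG_KEXINIT, MSG_KEXDH_INIT, MSG_KEXDH_INIT, MSG_NEWKEYS]
IGNORE_STREAM = [MSG_KEXINIT, MSG_IGNORE, MSG_KEXDH_INIT, MSG_NEWKEYS]
```

Running both streams through a lenient and a strict receiver shows that the guess-mismatch discard is accepted by both, while only the strict receiver rejects the unauthenticated extra message and restarts its counter at NEWKEYS.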