Monday, December 22, 2008

SSHv2 trickery

Current SSHv2 implementations suffer from a 'vulnerability' that allows traffic analysis
to match incoming and outgoing connections from a box. In case you use a SSH shell
on some box for anonymity before you SSH to some other box, a global observer
may correlate the traffic on the end-box and the box in between to find out
who actually connected to the end-box. Especially by observing packet sizes
and time differences of the connection, it is possible to see when something is typed
and what amount of output comes back. This works no matter of how many
hops are in between. It is then possible to finally find out the originating IP address.
SSHv2 specification was not really designed for anonymity or measures against
advanced traffic analysis, even if they have SSH_MSG_IGNORE packets.
I wrote a patch that adds constant delay and packet-size to the connection no matter
whether something is typed and how much is done one the connection.
You can find it here.

3 comments:

Anonymous said...

was this merged upstream. do they plan to do so?

Anonymous said...

any idea if this will be merged upstream?

Sebastian said...

I dont think they will. SSH2 protocol
doesnt really support you when
it comes to anti-timing measures.
For ptotocol reasons the message
size is heavily reduced. A new
SSH3 protocol should have better support
for it. SSH2 MSG_IGNORE and packet
formats suck when it comes to this.