Terrapin Attack vs. SSH-MITM: Comparing Packet Handling #165

Open
@hmaier1996

I am reaching out to explore a potential similarity I noticed in packet handling between SSH-MITM and the Terrapin Attack, as highlighted in the discussion of Pull Request #163 on the SSH-MITM repository.

It appears that both methods involve discarding certain packets during the SSH key exchange process.

In SSH-MITM, packets are discarded during kex-init:

```python
if ptype not in self._expected_packet:
    if ptype == 30:
        # according to rfc 4253, the next packet should be ignored,
        # when first_kex_packet_follows is True
        # this is a workarround at the moment, but connection works
        continue
    raise SSHException(
        "Expecting packet from {!r}, got {:d}".format(
            self._expected_packet, ptype
        )
    )  # noqa
```
According to the Terrapin Attack website, packet discarding is a crucial aspect of their methodology.

The packet handling techniques used in SSH-MITM, as seen in the GitHub blame for sshmitm/workarounds/transport.py, were implemented 1-2 years ago. This timeline suggests a noteworthy context: both SSH-MITM and the Terrapin Attack utilize similar methods for manipulating SSH packets. This parallel raises intriguing questions about the Terrapin Attack's exploitability and security implications. The pre-existing nature of these techniques in SSH-MITM might warrant a reevaluation of the Terrapin Attack's impact on SSH security.

I would like to respectfully request the SSH-MITM developers to conduct an evaluation of the Terrapin Attack. This evaluation would greatly benefit the cybersecurity community by clarifying the differences and similarities between SSH-MITM's techniques and those used in the Terrapin Attack. Understanding these nuances is crucial for assessing the relevance and impact of such attacks on both current and future Man-in-the-Middle (MitM) vulnerabilities.
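For reference when reading the snippet quoted in the issue: RFC 4253 section 7 requires the packet after SSH_MSG_KEXINIT to be silently ignored only when the sender set `first_kex_packet_follows` and its guess was wrong. The following is an added example, not code from SSH-MITM or from the issue author; the function names and sample algorithm lists are constructed, and the guess check is limited to the preferred kex and host key algorithms.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253 message number

def build_kexinit(name_lists, first_kex_packet_follows):
    """Build a KEXINIT payload from ten name-lists (used for the constructed samples)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type byte + 16-byte cookie (zeroed here)
    for names in name_lists:
        joined = ",".join(names).encode("ascii")
        out += struct.pack(">I", len(joined)) + joined
    return out + bytes([int(first_kex_packet_follows)]) + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Return (ten name-lists, first_kex_packet_follows) from a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []
    for _ in range(10):
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + length]
        lists.append(raw.decode("ascii").split(",") if raw else [])
        pos += length
    if pos + 5 > len(payload):  # boolean flag + uint32 reserved
        raise ValueError("missing first_kex_packet_follows/reserved")
    return lists, payload[pos] != 0

def must_ignore_next_packet(sender_kexinit, receiver_kexinit):
    """True only if the sender set the flag AND its guess was wrong."""
    sent, follows = parse_kexinit(sender_kexinit)
    received, _ = parse_kexinit(receiver_kexinit)
    if not follows:
        return False
    # Simplification (assumption): compare only the preferred kex and host key
    # algorithms; failure to agree on the other lists is not modelled.
    guess_right = all(s and r and s[0] == r[0] for s, r in zip(sent[:2], received[:2]))
    return not guess_right

def sample_lists(kex):
    """Constructed sample name-lists; only the kex preference order varies."""
    return [kex, ["ssh-ed25519"], ["aes128-ctr"], ["aes128-ctr"],
            ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]

CURVE_FIRST = ["curve25519-sha256", "diffie-hellman-group14-sha256"]
DH_FIRST = ["diffie-hellman-group14-sha256", "curve25519-sha256"]
```

`must_ignore_next_packet(sender, receiver)` takes the two raw KEXINIT payloads, so the discard decision depends on both sides' preference lists and the flag, not on the type of the packet that follows.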
