Description
I am reaching out to explore a potential similarity I noticed in packet handling between SSH-MITM and the Terrapin Attack, as highlighted in the discussion of Pull Request #163 on the SSH-MITM repository.
It appears that both methods involve discarding certain packets during the SSH key exchange process.
In SSH-MITM, packets are discarded during kex-init (see ssh-mitm/sshmitm/workarounds/transport.py, lines 178 to 188 at commit 4fc3ef4).
According to the Terrapin Attack website, packet discarding is a crucial aspect of their methodology.
The packet handling techniques used in SSH-MITM, as seen in the GitHub blame for sshmitm/workarounds/transport.py, were implemented 1-2 years ago. This timeline suggests a noteworthy context: both SSH-MITM and the Terrapin Attack utilize similar methods for manipulating SSH packets. This parallel raises intriguing questions about the Terrapin Attack's exploitability and security implications. The pre-existing nature of these techniques in SSH-MITM might warrant a reevaluation of the Terrapin Attack's impact on SSH security.
I would like to respectfully request the SSH-MITM developers to conduct an evaluation of the Terrapin Attack. This evaluation would greatly benefit the cybersecurity community by clarifying the differences and similarities between SSH-MITM's techniques and those used in the Terrapin Attack. Understanding these nuances is crucial for assessing the relevance and impact of such attacks on both current and future Man-in-the-Middle (MitM) vulnerabilities.
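Added example, not code from SSH-MITM, from the Terrapin authors, or from the issue author: a small Python model of how an SSH Binary Packet Protocol receiver tracks the implicit packet sequence number across the key exchange, with and without the OpenSSH "strict kex" extension (the protocol-level mitigation shipped for Terrapin). It uses the real message numbers from RFC 4253 and the real pseudo-algorithm names `kex-strict-c-v00@openssh.com` / `kex-strict-s-v00@openssh.com`; the `Endpoint`, `number_packets` and `run` helpers and the two constructed handshake transcripts are assumptions of this simulation, and a sequence-counter mismatch stands in for a failed MAC or AEAD check. It shows why a packet discarded or added during the kex phase is invisible to a legacy receiver's counter bookkeeping, and why the mitigation only works when both sides negotiate it.

```python
"""Model of SSH sequence-number handling with and without strict kex.

Constructed simulation (not SSH-MITM or Terrapin code).  A real receiver
verifies a MAC (or AEAD tag) that binds the sender's implicit 32-bit sequence
number; here "sender_seq != receiver.seq" stands in for that MAC failing.
"""

# Message numbers from RFC 4253 (real values).
SSH_MSG_IGNORE = 2
SSH_MSG_SERVICE_ACCEPT = 6
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEXDH_INIT = 30
SSH_MSG_KEXDH_REPLY = 31
KEX_MESSAGES = {SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY}

# Pseudo-algorithm names OpenSSH advertises in the KEXINIT kex list (real values).
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"


def negotiates_strict_kex(client_kex_algs, server_kex_algs):
    """Strict kex is active only if the client offered the -c name AND the
    server offered the -s name; one side alone is not enough."""
    return STRICT_KEX_CLIENT in client_kex_algs and STRICT_KEX_SERVER in server_kex_algs


class ProtocolError(Exception):
    """Strict kex rule 1: unexpected message during the initial key exchange."""


class IntegrityError(Exception):
    """Sequence counter mismatch, i.e. the MAC/AEAD check would have failed."""


class Endpoint:
    """One receive direction of an SSH transport (hypothetical simulation helper)."""

    def __init__(self, strict):
        self.strict = strict
        self.seq = 0          # implicit receive sequence number, never on the wire
        self.in_kex = False
        self.first = True

    def receive(self, sender_seq, msg_type):
        if self.strict and self.first and msg_type != SSH_MSG_KEXINIT:
            raise ProtocolError("first packet must be KEXINIT under strict kex")
        self.first = False
        # Strict kex rule 1: during the initial kex only kex messages are legal;
        # IGNORE/DEBUG, which legacy SSH accepts at any time, are rejected.
        if self.in_kex and self.strict and msg_type not in KEX_MESSAGES:
            raise ProtocolError(f"message {msg_type} not allowed during strict kex")
        if sender_seq != self.seq:
            raise IntegrityError(f"expected seq {self.seq}, packet carried {sender_seq}")
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        if msg_type == SSH_MSG_KEXINIT:
            self.in_kex = True
        elif msg_type == SSH_MSG_NEWKEYS:
            self.in_kex = False
            if self.strict:
                self.seq = 0  # strict kex rule 2: counters restart after NEWKEYS
        return msg_type


def number_packets(msg_types, strict_sender):
    """Assign the sender's implicit sequence numbers to a list of message types."""
    seq, packets = 0, []
    for msg in msg_types:
        packets.append((seq, msg))
        seq = (seq + 1) & 0xFFFFFFFF
        if msg == SSH_MSG_NEWKEYS and strict_sender:
            seq = 0
    return packets


def run(packets, strict_receiver):
    """Feed packets to a receiver; return (accepted message types, error name or None)."""
    endpoint, accepted = Endpoint(strict_receiver), []
    try:
        for sender_seq, msg in packets:
            accepted.append(endpoint.receive(sender_seq, msg))
    except (ProtocolError, IntegrityError) as exc:
        return accepted, type(exc).__name__
    return accepted, None


# Constructed transcripts of what a client receives from a server.
SERVER_HANDSHAKE = [SSH_MSG_KEXINIT, SSH_MSG_KEXDH_REPLY, SSH_MSG_NEWKEYS, SSH_MSG_SERVICE_ACCEPT]
# Same handshake with one extra non-kex packet inside the kex phase.
SERVER_HANDSHAKE_WITH_IGNORE = [SSH_MSG_KEXINIT, SSH_MSG_IGNORE, SSH_MSG_KEXDH_REPLY,
                                SSH_MSG_NEWKEYS, SSH_MSG_SERVICE_ACCEPT]

if __name__ == "__main__":
    print("legacy, extra IGNORE in kex:", run(number_packets(SERVER_HANDSHAKE_WITH_IGNORE, False), False))
    print("strict, extra IGNORE in kex:", run(number_packets(SERVER_HANDSHAKE_WITH_IGNORE, True), True))
    print("strict both sides, clean:   ", run(number_packets(SERVER_HANDSHAKE, True), True))
    print("strict sender, legacy peer: ", run(number_packets(SERVER_HANDSHAKE, True), False))
```

The legacy receiver accepts the transcript with the extra kex-phase packet because nothing in the legacy protocol ties the post-NEWKEYS counter to the set of packets that were actually exchanged during the kex; the strict receiver rejects that packet outright and restarts its counter at NEWKEYS. The last case shows the interoperability caveat: a side that resets its counter without the peer having negotiated `kex-strict-*` produces an integrity failure on the first encrypted packet, which is why the `negotiates_strict_kex` check on both KEXINIT lists must gate the behaviour.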