Saturday, 24 January 2015

OpenSSH downgrade attack
I have tried to implement a downgrade attack against the SSH protocol, as the first steps (the exchange of supported encryption algorithms) are not signed, as per RFC 4253. The idea is to intercept these steps (MITM) and replace strong algorithms with weaker algorithms supported by both sides.

The replacement works well, and server and client both receive a weakened list of supported algorithms. However, the communication is interrupted immediately when the server receives the client's list.

I had expected some protection against downgrade attacks to be implemented by the protocol, but I don't see anywhere in the RFC (or in the log files) how. SSL, for instance, proceeds by re-sending the first steps encrypted, to let the other side discover what the first steps were and thereby avoid any downgrade attack. But according to tcpdump, nothing is re-sent.

What mechanisms prevent downgrade attacks on SSH?

Many thanks, and don't hesitate to ask for implementation details.
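The protection RFC 4253 provides is not a re-sent message but the exchange hash: section 8 defines H over V_C, V_S, the full KEXINIT payloads I_C and I_S, the host key K_S and the DH values, and the server signs H with its host key, so a client whose KEXINIT was rewritten in transit computes a different H and rejects the signature. The following is an added example, not code from the post above; the version strings, cookies, host-key blob and DH values are constructed stand-ins, and SHA-256 is used as the KEX hash.

```python
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer: big-endian two's-complement,
    so a leading 0x00 is added when the top bit would otherwise be set."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def kexinit(cookie: bytes, kex: str, hostkey: str, enc: str, mac: str, comp: str) -> bytes:
    """Serialise an SSH_MSG_KEXINIT payload (RFC 4253 s7.1): message id 20,
    16-byte cookie, ten name-lists (both directions share one list here),
    first_kex_packet_follows = FALSE, and the reserved uint32 0."""
    lists = (kex, hostkey, enc, enc, mac, mac, comp, comp, "", "")
    payload = bytes([20]) + cookie + b"".join(ssh_string(s.encode()) for s in lists)
    return payload + b"\x00" + struct.pack(">I", 0)

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K) from RFC 4253 s8.
    I_C and I_S are the full KEXINIT payloads, so the server's host-key
    signature over H covers the algorithm lists each peer actually sent.
    HASH is the negotiated KEX method's hash; SHA-256 fits the method used here."""
    data = (ssh_string(v_c) + ssh_string(v_s) + ssh_string(i_c) + ssh_string(i_s)
            + ssh_string(k_s) + mpint(e) + mpint(f) + mpint(k))
    return hashlib.sha256(data).digest()

def kex_verifies(mitm_rewrites_client_kexinit: bool) -> bool:
    """Run one constructed key exchange and return whether the client would
    accept the server's signature, i.e. whether both sides computed the same H."""
    v_c, v_s = b"SSH-2.0-client_demo", b"SSH-2.0-server_demo"
    kex, hk, mac, comp = "curve25519-sha256", "ssh-ed25519", "hmac-sha2-256", "none"
    client_sent = kexinit(b"\x11" * 16, kex, hk, "aes256-ctr,3des-cbc", mac, comp)
    server_sent = kexinit(b"\x22" * 16, kex, hk, "aes256-ctr,3des-cbc", mac, comp)
    server_saw = client_sent
    if mitm_rewrites_client_kexinit:
        # Interceptor strips the strong cipher before forwarding, as in the post.
        server_saw = kexinit(b"\x11" * 16, kex, hk, "3des-cbc", mac, comp)
    # Host key blob and DH values are constructed stand-ins; what matters is
    # that each side hashes the KEXINIT it sent and the one it received.
    k_s, e, f, k = b"constructed-hostkey-blob", 0x1234, 0xABCD, 0x5EED
    h_client = exchange_hash(v_c, v_s, client_sent, server_sent, k_s, e, f, k)
    h_server = exchange_hash(v_c, v_s, server_saw, server_sent, k_s, e, f, k)
    return h_client == h_server  # client checks sig(H_server) against its own H
```

`kex_verifies(False)` returns True while `kex_verifies(True)` returns False: the server signs an H computed over the rewritten list, the client verifies against an H over the list it really sent, and the handshake aborts.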