Solved

MiTM SSH session on a Cisco device talking TACACS+

Posted on 2016-11-02
Last Modified: 2016-11-14
Experts,

In this scenario the client is running PuTTY for the SSH client.
He needs to authenticate to a Cisco router.
The Cisco router is talking TACACS+ to the ACS server.

If an attacker was able to successfully MITM the connection between the client and the router, would the client get any type of warning that the connection is untrusted?
In the HTTP world, the user will get a warning in the form of a browser warning.
If the destination was an SSH server, the user will also get a warning.
I'm just not sure how they will get a warning if it was a Cisco device.
Question by:trojan81
1 Comment
 
LVL 13

Accepted Solution

by: SIM50 earned 500 total points
TACACS+ doesn't have integrity checking built in. If you were to do a MiTM attack, it would have no way to tell if it's original or modified.

Edit: I misread your question. If a client connected previously to a router/switch, it would already have the SSH signature cached. If the signature changed, the client would be notified.
1
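The cached-key comparison described in the accepted answer, as an added example that is not part of the original thread or any client's own code. It assumes an OpenSSH-style known_hosts cache format; the host name, address and key bytes are constructed.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob as an SSH server presents it during key exchange."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key blob; comment, @marker and hashed lines are skipped."""
    cache = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            cache[(host, fields[1])] = base64.b64decode(fields[2])
    return cache

def check_host_key(cache: dict, host: str, keytype: str, offered: bytes):
    """Return (status, fingerprint) for the key the device just presented."""
    cached = cache.get((host, keytype))
    if cached is None:
        status = "UNKNOWN"   # first contact: nothing cached to compare against
    elif cached == offered:
        status = "MATCH"     # same key as on the previous connection
    else:
        status = "CHANGED"   # the case in which the client notifies the user
    return status, fingerprint(offered)

# Constructed sample data: the host name, address and key bytes are made up.
ROUTER_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = ("# constructed cache entry\nrouter1.example.net,192.0.2.1 ssh-ed25519 "
               + base64.b64encode(ROUTER_KEY).decode() + "\n")

if __name__ == "__main__":
    cache = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("router1.example.net", ROUTER_KEY),
                      ("router1.example.net", OTHER_KEY),
                      ("router2.example.net", OTHER_KEY)]:
        print(host, *check_host_key(cache, host, "ssh-ed25519", key))
```

The UNKNOWN result is the first-connection case, where nothing is cached yet and the fingerprint has to be compared against one read from the device over a trusted path such as the console.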
