strange sftp behaviour... man-in-the-middle?

To: debian-security@lists.debian.org
Subject: strange sftp behaviour... man-in-the-middle?
From: Varga Robert <robi@piros.zold.net>
Date: Thu, 29 Jan 2004 14:49:28 +0100 (CET)
Message-id: <[🔎] Pine.LNX.3.96.1040129142715.1450A-100000@feher.zold.net>

Hello all,

one of my servers started to behave strangely...

I can connect with ssh to the server and also to other machines from the
server without any problems from a variety of sites, and don't experience 
any delays.

However with sftp I am able to only connect to the port, but the
operations (that includes even checking the password at login) either
complete with a great delay, or time out with connection reset by peer.
This happens both when connecting to the server or sftp-ing out from the
server. This used to go on for quite a while, then it occasionally
corrects itself, then starts it again, again without any visible cause.

The ssh package version is 3.4p1-1.woody.3 (latest woody security update
package). The sshd_config is set to have only protocol 2.

Has anyone met similar behaviour? 

Are there any rootkits out there or man-in-the-middle programs out there
which are only able to simulate ssh correctly, but have problems with
sftp, which may cause this behaviour?

Thanks in advance,

Robert Varga

Reply to:

Follow-Ups:
- Re: strange sftp behaviour... man-in-the-middle?
  - From: Dariush Pietrzak <eyck@forumakad.pl>

Prev by Date: Re: Hardening named.conf
Next by Date: Re: strange sftp behaviour... man-in-the-middle?
Previous by thread: Bug#230063: openwebmail security hole
Next by thread: Re: strange sftp behaviour... man-in-the-middle?
Index(es):
- Date
- Thread