similar to: Packets Sizes and Information Leakage

This message is a few years old so I cannot reply to the original, but it is still of current research interest. > So one of my coworkers is doing a little research on SSH usage in the > wild using netflow data. One of the things he's trying to do is > determine a way to differentiate between data transfers and interactive > sessions. We thought of a couple of ways but we wanted

On the request of a coworker looking for more information about our SSH users I developed a patch that provides extended logging capability for SSHD. Its been written with an eye towards machine parsing. This patch will write the following information to the standard system log: remote ip, remote port, & remote user name protocol number and client version information Encryption method, MAC

Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey

On Thu, Aug 3, 2023 at 2:35?PM Chris Rapier <rapier at psc.edu> wrote: > > Howdy all, > > So, one night over beers I was telling a friend how you could use the > timing between key presses on a type writer to extract information. > Basically, you make some assumptions about the person typing (touch > typing at so many words per second and then fuzzing the parameters

Hi All, I am running asterisk 1.2. I have a softphone connecting from a coworkers home through their router using IAX2 through our router at the office. Both have port 4569 for TCP and UDP opened and forwarded to the right pc and server. I'm seeing Raw Hangup <person's IP address>, src=0. dst=10787 messages show up in the log like 10 every 5 seconds. We can still make calls and

On Thu, 7 Nov 2024 at 07:55, Chris Rapier <rapier at psc.edu> wrote: >[...]I had been using > Blake2b512 for the hashing algorithm but I want to put in a path to use > xxhash instead. Maintaining backward compatibility means I need to know > something about the remote. In the case of sftp at least, that sounds like a function of the sftp-server not sshd, in which case could you

On Fri, 8 Nov 2024 at 03:16, Darren Tucker <dtucker at dtucker.net> wrote: > > On Thu, 7 Nov 2024 at 07:55, Chris Rapier <rapier at psc.edu> wrote: > >[...]I had been using > > Blake2b512 for the hashing algorithm but I want to put in a path to use > > xxhash instead. Maintaining backward compatibility means I need to know > > something about the remote.

On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: > > I know that there are some methods to use federated identities (e.g. > OAuth2) with SSH authentication but, from what I've seen, they largely > seem clunky and require users to interact with web browsers to get one > time tokens. Which is sort of acceptable for occasional logins but > doesn't

https://bugzilla.mindrot.org/show_bug.cgi?id=1959 Bug #: 1959 Summary: Incorrect Sequence Numbers for NetFlow v9 export. Classification: Unclassified Product: softflowd Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: softflowd

http://www.psc.edu/networking/projects/hpn-ssh/ Mike Stevens and I just released a new set of high performance networking patches for OpenSSH 3.9p1, 4.0p1, and 4.1p1. These patches will provide the same set of functionality across all 3 revisions. New functionality includes 1) HPN performance even without both sides of the connection being HPN enabled. As long as the bulk data flow is in the

[NB: General information regarding HPN-SSH can be found at http://www.psc.edu/networking/projects/hpn-ssh ] This is a beta release of HPN12 but I'd like to get some user experiences with it if anyone is so inclined. This version of the HPN patch more closely conforms to the openssh nomenclature and coding style, it eliminates the use of command line switches in favor of -o options, it

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH

That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?

Pp ------Original Message------ From: nate Sender: centos-bounces at centos.org To: CentOS Mailing list ReplyTo: CentOS Mailing list Sent: Feb 23, 2009 8:13 PM Subject: Re: [CentOS] cisco netflow analyzer? Robinson Tiemuqinke wrote: > Anyone knows any Cisco netflow analyzer that could run on Linux/Windows? I > know that cisco ASDM works at somewhat level but too rough... > > For

Using stock OpenSSH 4.7 I found different behavior when trying to specify the use of the 'none' cipher depending on the command line option nomenclature. This is under linux 2.6.19-web100 using -ocipher=none [root at delta openssh-4.7p1-hpnv19]# /home/rapier/ssh47/bin/scp -S /home/rapier/ssh47/bin/ssh -ocipher=none -P 2222 ~rapier/2gb rapier at localhost:/dev/null rapier at

I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a

On multiple core systems OpenSSH is limited to using a single core for all operations. On these systems this can result in a transfer being processor bound even though additional CPU resources exist. In order to open up this bottleneck we've developed a multi-threaded version of the AES-CTR cipher. Unlike CBC mode, since there is no dependency between cipher blocks in CTR mode we

This is a preliminary release and as such should be used at your own risk. In my testing the application builds under OS X and Linux, passes the regression tests, and file transfer tests on our test connections exhibited a 1600% increase in performance (1.4MB/s versus 20.9MB/s 46ms RTT). This patch (hpn12v10) is available from

The HPN patch set has been updated to work with OpenSSH4.6. This patch can help improve performance of bulk data transfers when using SSH, SCP, or SFTP. Please see http://www.psc.edu/networking/projects/hpn-ssh for more information. The patch is available from the above address or directly with http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.6p1-hpn12v16.diff.gz If you have any

On 6/19/24 4:11 PM, Joseph S. Testa II wrote: > On Wed, 2024-06-19 at 09:19 -0400, chris wrote: >> real world example (current snapshot of portable on linux v. dheater) > > Thanks for this. However, much more extensive testing would be needed > to show it is a complete solution. In my original research article, I > used CPU idle time as the main metric. Also, I showed that