Terrapin

From Omnia
Jump to navigation Jump to search

Scanner

If you want to check an SSH client or server for its susceptibility to Terrapin, the Ruhr University Bochum team provides a vulnerability scanner.[1]

RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
https://github.com/RUB-NDS/Terrapin-Scanner
export $GOPATH=~/.gobin
go install github.com/RUB-NDS/Terrapin-Scanner@latest
ln -s ../.go/bin/Terrapin-Scanner ~/.bin/Terrapin-Scanner

Scan the SSH server available at localhost port 2222

./Terrapin-Scanner --connect localhost:2222

If no port is specified, the tool will default to port 22 instead

./Terrapin-Scanner --connect localhost


Bad Result

$ Terrapin-Scanner -connect host1.com
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

cbKxWe7.png

Ok Result

(same host, but after apt update, apt upgrade...)

$ Terrapin-Scanner -connect host1.com
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: true

The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. Glad to see this.
For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

zcWtsfI.png

keywords