SSH (Secure Shell) is an invention of a private company, intended to provide secure access to a remote host's console and to other network services (such as file transfer or remote execution of processes). SSH is most popular in the Unix/Linux world, although servers for the Windows platform also exist.
Showing posts with label authentication.
Monday, February 10, 2014
[RAWTECH BLOG] TeamViewer authentication protocol (part 2 of 3)
Posted by Braden Thomas
KeepAlive and Outgoing connections
As mentioned previously, the KeepAlive server is used to maintain an online presence, so that when a client connects, the KeepAlive server can communicate with the target host and negotiate the connection details. Outgoing connections use the CMD_MasterCommand (as used in Login) through the Master server.
[RAWTECH BLOG] TeamViewer authentication protocol (part 3 of 3)
Posted by Braden Thomas
Peer-to-Peer “Encryption”
By default, peers will attempt to initiate encryption with each other using the public key handed out by the Master server in the RequestRoute2 response. The connecting device will initiate encryption using a CMD_RequestEncryption command, which is routed peer-to-peer, containing a session key (either AES or RC4, based on version) encrypted with the remote peer’s public key, and signed with the sender’s private key for verification.
[RAWTECH BLOG] TeamViewer authentication protocol (part 1 of 3)
Posted by Braden Thomas
When a coworker recently gave me access to his system, he recommended I use TeamViewer. TeamViewer is a free tool that is used to set up and use a VPN connection as well as allowing the user to remotely take control of another person’s computer from their system. Given that it was my first time using this software, I decided to take a peek at the traffic. TeamViewer’s network traffic was a custom protocol operating on TCP port 5938 and many of the packets began with 0x1724. I initially thought that these were TLS Application Data record packets, since that’s usually the case when I see traffic starting with 0x17. However, since the next byte would be the major version number if it were TLS, and the value I was seeing was 0x24, TLS didn’t make sense. So I set it aside to look at later.