-
Terrapin-Scanner
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
We will show how to disable the affected ciphers on the example of Debian. We will use Docker to make this reproducible. Then we will verify our configuration using vulnerability scanner provided by the authors of the paper.
# docker run -it --rm debian:latest # then run the following commands apt-get update apt-get install -y git wget build-essential zlib1g-dev git clone https://github.com/mkj/dropbear cd dropbear # here we disable ChaCha20Poly1305 and enable GCM instead # CBC is disabled by default env CFLAGS='-DDROPBEAR_CHACHA20POLY1305=0 -DDROPBEAR_ENABLE_GCM_MODE=1' ./configure make make install # check if dropbear is vulnerable dropbear -R wget https://github.com/RUB-NDS/Terrapin-Scanner/releases/download/v1.1.0/Terrapin_Scanner_Linux_amd64 chmod +x Terrapin_Scanner_Linux_amd64 ./Terrapin_Scanner_Linux_amd64 -connect 127.0.0.1:22 pkill dropbear
For this Linux distribution you need cross compiler to recompile Dropbear. The easiest way to get it is to use official Docker image.