spoof rsa fingerprint
Eugeneapolinary Ju
eugeneapolinary81 at yahoo.com
Sat Nov 14 23:09:37 UTC 2009
When I first log in to my router [192.168.1.1] through ssh, it says:
The authenticity of host 'XXXX.XX (192.168.1.1)' can't be established.
RSA key fingerprint is 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74.
Are you sure you want to continue connecting (yes/no)?
that's OK [it gets stored in the known_hosts file, on my client machine].
But:
what happens, if someone turns off my router, then installs a pc with ip 192.168.1.1?
And! - it spoofs _the same rsa fingerprint_, that was on my router.
Then, when I want to log in to 192.168.1.1, I will type my password, and it will stole my password...
So the question is:
Could that be possible, to spoof the rsa_fingerprint? [because the router say's the fingerprint when first logging in to it, etc..so could that be spoofed?]
More information about the users
mailing list