Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: POP3 passwords

From: Francisco Andrades <fandrades () nextj com>
Date: Tue, 21 Oct 2003 14:59:06 -0400


Steve McLaughlin wrote:

Would it be possible to spoof the IP of the POP3 server to the mail client
over the internet from a dummy mail server, using say, Packit, and then,
sniff the packets hitting the LAN card?
100% doable. In fact you can use ARP spoofing to redirect any communication through a sniffer. That includes telnet, ftp, POP3, IMAP, TLS/SSL, SSH (of course, in the case of secure protocols it's of no use because you receive encrypted streams). 


-----Original Message-----
From: Dave Killion [mailto:Dkillion () netscreen com] Sent: Tuesday, 21 October 2003 4:50 AM 
To: 'Zachary Mutrux'; Security-Basics
Subject: RE: POP3 passwords

Zac,

Well, you're right - people don't think much about POP3 passwords, but they
should.

POP3/S is a solution, but not many people support it or know how to use it.
The people who do know typically are the ones who check their email via SSH
and mutt anyway.



--
Francisco Andrades Grassi
www.nextj.com
Tlf: +58-414-125-7415


---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy 
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: