Security Basics mailing list archives
RE: Sniffing emails - how?
From: "Justin Acquaro" <JAcquaro () csmcorp com>
Date: Tue, 16 Nov 2004 13:35:39 -0500
Just figured I would throw my 2 cents in; Someone whom has access to a remote router could setup a GRE tunnel back to their systems and sniff data on the remote network. I read in an article about cable modem uncapping using firmware that could allow you to sniff data on the WAN side. There are still a few Providers like Cablevision (Mine) that don't encrypt traffic on the WAN side to the modem. This would allow anyone whom hacked up the already hacked up surfboard firmware access to sniff on the WAN side. -Uncapping article- http://www.securityfocus.com/news/394 You should also be concerned with rogue employees (people that may be planning to leave by haven't yet) and consultants (You know that accounting guy that shows up once a month and wants net access) Cheers Justin Acquaro IT/MIS Creative Socio-Medics 3500 Sunrise Hwy Great River, New York Main:631-968-2000 Support:888-755-8610 |-----Original Message----- |From: miguel.dilaj () pharma novartis com |[mailto:miguel.dilaj () pharma novartis com] |Sent: Tuesday, November 16, 2004 3:16 AM |To: security-basics () lists securityfocus com |Subject: Re: Sniffing emails - how? | |Hi Derek, | |To the local network, or to any of the machines involved (like the email |server, even if it's on the Internet), or with the possibility to install |a sniffing agent (typically a trojan horse) in any of the machines |involved. |Plain sniffing on the Internet is not possible, because you can't sniff |behind a router (that are network boundaries). |A looooong time ago I read some rumour about the possibility to sniff |immediately on the other side of a router, but I don't remember if it was |done exploiting a router vulnerability or similar. |Cheers, | |Miguel Dilaj (Nekromancer) |www.oissg.org | | | | | | |Derek Fountain <dflists () iinet net au> |13/11/2004 02:50 | | | To: : <security-basics () lists securityfocus com> | cc: (bcc: Miguel Dilaj/PH/Novartis) | Subject: Sniffing emails - how? | | |Reading the archives of this and other lists, I occasionally come across |quotes like this (from the WebApp list in this case): | |"2/ That sending a user's password in clear text over email systems is a |secure method; inappropriate for most sites. For example, an attacker |could |provoke the password recovery procedure for his colleague and sniff the |email |containing the password with relative ease." | |Am I correct in thinking that this is only a real problem when an attacker |has |access to the same network as the email recipient? Or is this kind of |sniffing possible across the internet in general? | | | This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
Current thread:
- Sniffing emails - how? Derek Fountain (Nov 15)
- Re: Sniffing emails - how? Jonathan Kline (Nov 16)
- Re: Sniffing emails - how? xyberpix (Nov 16)
- RE: Sniffing emails - how? Clement Dupuis (Nov 16)
- <Possible follow-ups>
- Re: Sniffing emails - how? miguel . dilaj (Nov 16)
- RE: Sniffing emails - how? Justin Acquaro (Nov 16)
- RE: Sniffing emails - how? Dahate, Pramod (Nov 17)
- RE: Sniffing emails - how? Clement Dupuis (Nov 18)