Security Basics mailing list archives

RE: Sniffing emails - how?


From: "Justin Acquaro" <JAcquaro () csmcorp com>
Date: Tue, 16 Nov 2004 13:35:39 -0500

Just figured I would throw my 2 cents in; 

        Someone who has access to a remote router could set up a GRE
tunnel back to their systems and sniff data on the remote network. I
read in an article about cable modem uncapping using firmware that could
allow you to sniff data on the WAN side. There are still a few providers
like Cablevision (mine) that don't encrypt traffic on the WAN side to
the modem. This would allow anyone who hacked up the already hacked-up
Surfboard firmware access to sniff on the WAN side.

-Uncapping article- http://www.securityfocus.com/news/394

        You should also be concerned with rogue employees (people that
may be planning to leave but haven't yet) and consultants (you know, that
accounting guy that shows up once a month and wants net access).

Cheers

Justin Acquaro
IT/MIS
Creative Socio-Medics
3500 Sunrise Hwy
Great River, New York
Main:631-968-2000
Support:888-755-8610


|-----Original Message-----
|From: miguel.dilaj () pharma novartis com
|[mailto:miguel.dilaj () pharma novartis com]
|Sent: Tuesday, November 16, 2004 3:16 AM
|To: security-basics () lists securityfocus com
|Subject: Re: Sniffing emails - how?
|
|Hi Derek,
|
|To the local network, or to any of the machines involved (like the email
|server, even if it's on the Internet), or with the possibility to install
|a sniffing agent (typically a trojan horse) in any of the machines
|involved.
|Plain sniffing on the Internet is not possible, because you can't sniff
|behind a router (routers are network boundaries).
|A looooong time ago I read some rumour about the possibility to sniff
|immediately on the other side of a router, but I don't remember if it was
|done exploiting a router vulnerability or similar.
|Cheers,
|
|Miguel Dilaj (Nekromancer)
|www.oissg.org
|
|Derek Fountain <dflists () iinet net au>
|13/11/2004 02:50
|
|
|        To:     : <security-basics () lists securityfocus com>
|        cc:     (bcc: Miguel Dilaj/PH/Novartis)
|        Subject:        Sniffing emails - how?
|
|
|Reading the archives of this and other lists, I occasionally come across
|quotes like this (from the WebApp list in this case):
|
|"2/ That sending a user's password in clear text over email systems is a
|secure method; inappropriate for most sites. For example, an attacker
|could provoke the password recovery procedure for his colleague and sniff
|the email containing the password with relative ease."
|
|Am I correct in thinking that this is only a real problem when an attacker
|has access to the same network as the email recipient? Or is this kind of
|sniffing possible across the internet in general?
|
|
|





