RE: Sniffing emails - how?

["Dahate, Pramod" <Pramod.Dahate () getronics com>]

Hi
Yes softwares like the one from surfcontrol email filter watch all the
mails and you can see that  enterprise emails going to the internet can
be seen in clear.But as Clement it is because these machines sit on the
gateway and hence all traffice is passing through it or being forwarded
to it by the enterprise email system for out going or it acts as an
incoming smtp server.I used to know someproduct which used to integrate
with the windows enviornment.It was called Sessionwall III.I do not know
if its still around.
regards  


Pramod Dahate(MCSE,CCNA,CCSA,CISSP)
Security Analyst
Network Management Centre

Getronics Australia Pty Limited
Getronics combines the service capabilities of the original Dutch
company with those of Wang Global, acquired in 1999, and of the Olivetti
systems and services division. We are ranked second worldwide in network
and desktop outsourcing and fourth in network consulting and integration
(Source: IDC 2002-2003).

2 Minna Close
Belrose NSW 2085
Australia
Tel: +61 2 9847 7680
Fax:+61 2 9847 7774
cell:+61 04 11 074 256(o)
cell:+61 04 31 453 014(p) 
Email: pramod.dahate () getronics com

ICT Security | Network Integration Services | Network & Desktop
Outsourcing | Application Integration & Management
www.getronics.com.au

Please note that whilst we take all care, neither Getronics nor the
sender accepts any responsibility for viruses and it is your
responsibility to scan for viruses. The contents are intended only for
use by the addressee and may contain confidential and/or privileged
material and any use by other than the intended recipient is prohibited.
If you received this in error, please inform the sender and/or addressee
immediately and delete the material.


-----Original Message-----
From: Clement Dupuis [mailto:cdupuis () cccure org] 
Sent: Wednesday, 17 November 2004 07:57
To: 'Derek Fountain'; ':'
Subject: RE: Sniffing emails - how?

Good day Derek,

Your reflexion on the problem below is showing that you have taught
about this for a while.  You are correct, within the confine of your
internal networks it would mean that you have someone who is maliciously
attempting to collect all of the traffic on your local network, this is
trivial to do and lots of tools are available to help you do it even in
a switched environment.  To be very effective, he has to be on the same
subnet or within your wiring closet :-)

As far as being able to do this on the internet, any of the gateways you
navigate through could do this if they wanted to.  This is not very
likely but there is always a possibility that someone is bored and will
take a look at traffic passing through. Do a traceroute and you will see
the multiple points where this could be done.

Personnaly, I do like to treat unencrypted emails the same as a
postcard.
Anything I would not write in a postcard, I will not write into an
email.

Take care

Clement

Clement Dupuis
Security Evangelist and Educator
cdupuis () cccure org
The CISSP and SSCP Open Study Guides Web Site http://www.cccure.org 

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org 
 
------------------------------------

-----Original Message-----
From: Derek Fountain [mailto:dflists () iinet net au]
Sent: Friday, November 12, 2004 9:50 PM
To: :
Subject: Sniffing emails - how?

Reading the archives of this and other lists, I occasionally come across
quotes like this (from the WebApp list in this case):

"2/ That sending a user's password in clear text over email systems is a
secure method; inappropriate for most sites. For example, an attacker
could provoke the password recovery procedure for his colleague and
sniff the email containing the password with relative ease."

Am I correct in thinking that this is only a real problem when an
attacker has access to the same network as the email recipient? Or is
this kind of sniffing possible across the internet in general?