Penetration Testing mailing list archives
Re: [PEN-TEST] eMail auditing problem
From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Wed, 13 Sep 2000 18:23:51 +0200
"Groh, Jens" a écrit :
I've heard from a customer, that he believes, that all of his outgoing mail is read by someone using an email sniffer! My question now is: has that to be server sided? I mean can anyone use this email sniffer or has he or she already hacked the outgoing mail server?
How is this to be done?
There is many different cases possible : - the mail server is hacked => reinstall it, try to prosecute the hacker - a machine in your ISP network has been hacked. This machine is on the same Ethernet segment that the mail server, or the mails pass through this machine - the boss box is compromised (BO2K), and all his keystrokes are logged - surely some others ...
What programms?
dsniff sniffs mails and keeps them in Unix mbox format
What procedure?
To find the compromise ? Check each step (end-user box, mail server, proxy, ...)
Current thread:
- [PEN-TEST] eMail auditing problem Groh, Jens (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Nicolas Gregoire (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Mathew Bevan (Sep 13)
- Re: [PEN-TEST] eMail auditing problem DA Smith (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Mathew Bevan (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Jose Nazario (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Karyn Pichnarczyk (Sep 13)
- <Possible follow-ups>
- Re: [PEN-TEST] eMail auditing problem Justin Schaefer (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Erik Tayler (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Jan Muenther (Sep 14)
- Re: [PEN-TEST] eMail auditing problem pete (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Erik Tayler (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Brentlinger, Mike (ISS eServices) (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Dunker, Noah (Sep 13)
(Thread continues...)
- Re: [PEN-TEST] eMail auditing problem Nicolas Gregoire (Sep 13)