Penetration Testing mailing list archives

Re: [PEN-TEST] eMail auditing problem


From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Thu, 14 Sep 2000 20:23:04 +0100

Sessionwall 3 is now called E-Trust IDS and has been bought by Computer Associates; it does monitor email content.
If there is a CA person on this list, does E-Trust IDS now have a parser for MS Exchange traffic?

Andy 
http://www.networkintrusion.co.uk/ The IDS List
                    ''' 
                 (0 0) 
  ----oOO----(_)----------  
  | The geek shall        | 
  |  Inherit the earth     | 
  -----------------oOO----  
               |__|__| 
                  || || 
              ooO Ooo 


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





  ----- Original Message ----- 
  From: Oxenreider, Jeff 
  To: PEN-TEST () SECURITYFOCUS COM 
  Sent: Wednesday, September 13, 2000 9:37 PM
  Subject: Re: [PEN-TEST] eMail auditing problem


  Another possibility is SessionWall-3 (www.sessionwall.com); it does email sniffing, telnet and ftp session recording, and just about anything else.

  Scary stuff. 




  Jeffrey A. Oxenreider 
  Network Security Analyst 
  Safelite Glass Corp 




  -----Original Message----- 
  From: Jose Nazario [mailto:jose () BIOCSERVER BIOC CWRU EDU] 
  Sent: Wednesday, September 13, 2000 12:20 PM 
  To: PEN-TEST () SECURITYFOCUS COM 
  Subject: Re: [PEN-TEST] eMail auditing problem 



  On Wed, 13 Sep 2000, Groh, Jens wrote: 

  > I've heard from a customer, that he believes, that all of his outgoing 
  > mail is read by someone using an email sniffer! My question now is: 
  > has that to be server sided? I mean can anyone use this email sniffer 
  > or has he or she already hacked the outgoing mail server? 

  the server need not be compromised. anything on the same 
  routed/switched/shared segment can be sniffed using the appropriate 
  methods. if someone's nefarious enough, routing wouldn't even be a 
  problem. 

  > How is this to be done? 
  > What programs? 
  > What procedure? 
  > How would you do that? 

  check for mailsnarf from dug song 
  (http://www.monkey.org/~dugsong/dsniff/). it's quite easy. 

  if they're worried about email being read, use encryption. s/mime or pgp 
  would or should suffice. 

  jose nazario                                    jose () biochemistry cwru edu 
  PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80 
  Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc 

