Security Basics mailing list archives
RE: POP3 passwords
From: Steve McLaughlin <steve () Lan com au>
Date: Tue, 21 Oct 2003 10:49:33 +1000
Would it be possible to spoof the IP of the POP3 server to the mail client over the internet from a dummy mail server, using say, Packit, and then, sniff the packets hitting the LAN card? -----Original Message----- From: Dave Killion [mailto:Dkillion () netscreen com] Sent: Tuesday, 21 October 2003 4:50 AM To: 'Zachary Mutrux'; Security-Basics Subject: RE: POP3 passwords Zac, Well, you're right - people don't think much about POP3 passwords, but they should. POP3/S is a solution, but not many people support it or know how to use it. The people who do know typically are the ones who check their email via SSH and mutt anyway. The biggest trick to exploiting POP3 (indeed, any clear-text auth'd protocol) is to get in the data stream. If you control a gateway the traffic goes through, or on the same layer-2 hub, you're set. Otherwise, some MAC-address tomfoolery is in order - either to stuff a cam table (spoof thousands of MAC addresses so the switch 'breaks open' to forward-all mode - think 'macof'[1]) on a switch, if you're on the same switched layer-2 segment, or to spoof the gateway IP with your MAC address to man-in-the-middle the gateway (think 'arpspoof'[2]). Once it's left the local network and gone on to the big I, it's harder to get at, unless you can again control a segment of network the data stream goes through. People who work at ISP's shouldn't have a problem doing this, but generally they're paid to be trustworthy with this sort of thing. Unauthorized network snooping at an ISP is a good way to get fired and blacklisted. But really, why leave it to chance? Encrypt your connections with SSL or SSH. POP3 accounts sometimes also have shell accounts, and the username/password's the same. My $0.02... Dave Killion Senior Security Engineer Security Group, NetScreen Technologies, Inc. Footnotes: [1] and [2] - Both are tools in the dsniff tool suite by Dug Song: http://www.monkey.org/~dugsong/dsniff/ This e-mail reflects the personal opinion of the author. -- Unless explicitly so stated in the text, it does not represent an official position of NetScreen Technologies, Inc. This email contains material that is confidential. The content of this email is for the sole use of the intended recipient(s). Any review or distribution by persons other than the intended recipient(s) without the express permission of NetScreen Technologies, Inc. is strictly prohibited. If you are not the intended recipient, please contact the sender and delete/destroy all copies of this email and any related attachments. NetScreen does not guarantee the accuracy or completeness of third party materials or information.
-----Original Message----- From: Zachary Mutrux [mailto:zmutrux () compumentor org] Sent: Friday, October 17, 2003 4:40 PM To: Security-Basics Subject: POP3 passwords Why has it not been a bigger problem that POP3 passwords are unencrypted when sent over the public Internet? Seems like they would be pretty easy for a miscreant to steal. zm -- Zac Mutrux Technology Consultant CompuMentor 415-633-9437 -------------------------------------------------------------- ------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ----------------------------------------------------------------------------
Current thread:
- RE: POP3 passwords, (continued)
- RE: POP3 passwords Damian Lennon (Oct 20)
- Re: POP3 passwords Tomas Wolf (Oct 20)
- Re: POP3 passwords Francisco Andrades (Oct 20)
- Re: POP3 passwords Simon Gray (Oct 20)
- Re: POP3 passwords Francisco Andrades (Oct 20)
- Re: POP3 passwords Todd Troxell (Oct 20)
- Re: POP3 passwords JGrimshaw (Oct 20)
- Re: POP3 passwords Hendra Santosa (Oct 21)
- RE: POP3 passwords Dave Killion (Oct 20)
- Re: POP3 passwords Meritt James (Oct 20)
- RE: POP3 passwords Steve McLaughlin (Oct 21)
- Re: POP3 passwords Francisco Andrades (Oct 21)
- Re: POP3 passwords Simon Garner (Oct 21)
- RE: POP3 passwords Golden_Eternity (Oct 22)
- RE: POP3 passwords Chris Merkel (Oct 20)
- RE: POP3 passwords Keller, Tim (Oct 20)
- Re: FW: POP3 passwords Sec1 (Oct 20)
- RE: POP3 passwords Dave Killion (Oct 21)
- Re: POP3 passwords Phillip McCollum (Oct 22)