Security Basics mailing list archives

RE: Sniffing emails - how?


From: "Clement Dupuis" <cdupuis () cccure org>
Date: Tue, 16 Nov 2004 15:56:31 -0500

Good day Derek,

Your reflection on the problem below is showing that you have thought about
this for a while.  You are correct, within the confines of your internal
networks it would mean that you have someone who is maliciously attempting
to collect all of the traffic on your local network, this is trivial to do
and lots of tools are available to help you do it even in a switched
environment.  To be very effective, he has to be on the same subnet or
within your wiring closet :-)

As far as being able to do this on the internet, any of the gateways you
navigate through could do this if they wanted to.  This is not very likely
but there is always a possibility that someone is bored and will take a look
at traffic passing through. Do a traceroute and you will see the multiple
points where this could be done.

Personally, I do like to treat unencrypted emails the same as a postcard.
Anything I would not write in a postcard, I will not write into an email.

Take care

Clement

Clement Dupuis
Security Evangelist and Educator
cdupuis () cccure org 
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org 

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org 
 
------------------------------------

-----Original Message-----
From: Derek Fountain [mailto:dflists () iinet net au] 
Sent: Friday, November 12, 2004 9:50 PM
To: :
Subject: Sniffing emails - how?

Reading the archives of this and other lists, I occasionally come across 
quotes like this (from the WebApp list in this case):

"2/ That sending a user's password in clear text over email systems is a
secure method; inappropriate for most sites. For example, an attacker could
provoke the password recovery procedure for his colleague and sniff the
email containing the password with relative ease."

Am I correct in thinking that this is only a real problem when an attacker
has access to the same network as the email recipient? Or is this kind of
sniffing possible across the internet in general?




