RE: Web Traffic Security and Eavesdropping

["David Gillett" <gillettdavid () fhda edu>]

  I think it was less than two months ago that there was an alert 
about rogue routers spoofing BGP info in order to get traffic for 
a chosen destination network sent to an attacker.  I seem to 
recall seeing a rootkit for IOS talked about as well.  Or of 
course there could be an insider at an ISP -- perhaps a transit 
carrier with no contractual obligation to either endpoint.

  Sending sensitive information across the Internet unencrypted
is like mailing it on a postcard.  Postal employees are, on the
whole, honourable and honest -- but all it takes is one, somewhere,
or somebody willing and able to get into a mailbox....

David Gillett


> -----Original Message-----
> From: mojorising [mailto:moj0rising () aim com] 
> Sent: Monday, November 10, 2008 5:16 PM
> To: security-basics () securityfocus com
> Subject: Web Traffic Security and Eavesdropping
>
> Hi, there. We all know many web sites out there encrypt 
> connections with SSL to prevent eavesdropping on user 
> sessions. In a conversation about this today while securing 
> web services/ applications of one of our sites, a friend 
> asked how such a thing is possible if the eavesdropper is not 
> on the same network as the end-user or server being watched. 
> I couldn't provide a very good answer and was wondering if 
> anyone out there could. We know how easy it would be if you 
> were on the same network or had access to one of the nodes on 
> either end or even, perhaps, a switch or router, etc in 
> between those two points.
>
> Basically, the question is, can someone out there in the big, 
> bad, internet somehow watch all traffic going to and from 
> another node on the internet (like a web server for example) 
> without being on the same local network as the node they are 
> watching? I'm quite sure the answer to this is yes and if 
> yes, then how is it done?
>
>
> Thanks,
> Mike