Re: InfoSec Slammer :-)

[Valdis.Kletnieks () vt edu]

On Tue, 02 May 2006 19:04:49 EDT, Dude VanWinkle said:
> However whilst exhibiting at the show, security risk firm McAfee was
> able to detect various networks connections that lacked any
> encryption, so maybe things weren't as rosy as we first suspected.

Given the number of cleartext packets I've seen on the wireless net at
a SANS event, I'm not at all surprised.

Two or 3 years ago (when, admittedly, people were a bit less paranoid), we
had a SANS-EDU here.  300 people taking a class on wireless security.  So of
*course* I had to fire up a tcpdump for an hour or two.   And after the lunch
break, I grab the microphone, and announce "I've been watching traffic, and
of the 300 active IPs in this room, 55 have done POP-over-SSL checks on port
995, and 118 have checked on port 110".  As expected, 118 people go apeshit.
"What??!? You snarfed our passwords?"

At which point I say "Well, I guess we know who the 118 were..."  and they
go more apeshit.

Then I tell them "*MY* tcpdump was carefully crafted to only capture TCP SYN
packets. No passwords were captured".  And they relax.

Then the bombshell - I tell them "But just because I'm a well-known white hat
doesn't mean there aren't any black hats in the building snarfing up passwords.."

That's when they got *really quiet and worrried looking... ;)

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.