funsec mailing list archives
Re: InfoSec Slammer :-)
From: Valdis.Kletnieks () vt edu
Date: Tue, 02 May 2006 22:35:58 -0400
On Tue, 02 May 2006 19:04:49 EDT, Dude VanWinkle said:
However whilst exhibiting at the show, security risk firm McAfee was able to detect various networks connections that lacked any encryption, so maybe things weren't as rosy as we first suspected.
Given the number of cleartext packets I've seen on the wireless net at a SANS event, I'm not at all surprised.

Two or 3 years ago (when, admittedly, people were a bit less paranoid), we had a SANS-EDU here. 300 people taking a class on wireless security. So of *course* I had to fire up a tcpdump for an hour or two. And after the lunch break, I grab the microphone, and announce "I've been watching traffic, and of the 300 active IPs in this room, 55 have done POP-over-SSL checks on port 995, and 118 have checked on port 110".

As expected, 118 people go apeshit. "What??!? You snarfed our passwords?" At which point I say "Well, I guess we know who the 118 were..." and they go more apeshit. Then I tell them "*MY* tcpdump was carefully crafted to only capture TCP SYN packets. No passwords were captured". And they relax.

Then the bombshell - I tell them "But just because I'm a well-known white hat doesn't mean there aren't any black hats in the building snarfing up passwords.." That's when they got *really* quiet and worried looking... ;)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
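Added example, not part of the original post or the poster's own tooling: a Python sketch of the measurement described above, counting distinct clients that opened connections to cleartext POP3 (port 110) versus POP-over-SSL (port 995) from a SYN-only capture, so no payload or password is ever read. It assumes a classic little-endian pcap file with Ethernet/IPv4 framing; the sample capture, addresses and function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

CLEARTEXT_POP, POP_OVER_SSL = 110, 995

def frame(src_ip, dst_port, flags):
    """Constructed Ethernet/IPv4/TCP frame: headers only, checksums left 0."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("192.0.2.1"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def clients_by_port(data):
    """Return {dst_port: {src_ip, ...}} for initial SYNs (SYN set, ACK clear)."""
    seen = defaultdict(set)
    off = 24                                    # skip the pcap global header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16: off + 16 + incl]
        off += 16 + incl
        # Keep only IPv4 (ethertype 0x0800) carrying TCP (protocol 6).
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]   # honour the IP header length
        if len(tcp) < 14:
            continue
        # Same test a capture filter such as
        # "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn" applies (filter assumed).
        if tcp[13] & 0x12 == 0x02:
            seen[struct.unpack_from("!H", tcp, 2)[0]].add(socket.inet_ntoa(pkt[26:30]))
    return seen

def summarize(data):
    """(clients using cleartext POP3, clients using POP-over-SSL)."""
    seen = clients_by_port(data)
    return len(seen[CLEARTEXT_POP]), len(seen[POP_OVER_SSL])

# Constructed capture: a retransmitted SYN, plus SYN-ACK and ACK packets to ignore.
SAMPLE = pcap([frame("10.0.0.1", 110, 0x02), frame("10.0.0.1", 110, 0x02),
               frame("10.0.0.2", 110, 0x02), frame("10.0.0.3", 995, 0x02),
               frame("10.0.0.4", 110, 0x12), frame("10.0.0.5", 995, 0x10)])
```

Counting distinct source addresses rather than packets keeps retransmitted SYNs and repeated mail checks from inflating the totals.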