Re: Network and security experts (was Re: Dumb users spread viruses)

[Valdis.Kletnieks () vt edu]

On Mon, 09 Feb 2004 11:12:58 MST, "Wayne E. Bouchard" said:

> This is dramatically demonstrated by the number of NANOG attendees
> that do not utilize encrypted paths to communicate back to their
> offices and who do not maintain at least passable password standards
> for their own accounts. It always astonishes me to see passwords such
> as "asdfg", "microsoft", and "password" come up on that list.

Been there, done that.

We hosted a SANS-EDU event a while back, and had about 300 people in a
lecture hall, most of whom had wireless access.  I ran a small tcpdump
on the wireless, grabbing only outbound SYN packets for port 110, 995,
and the ports IMAP lives on.  About lunchtime, I announced that I'd seen
some 50 or so people using encrypted POP on 995, and 65 or so using it
in plaintext.  Somebody asked what data I was gathering, and I said "I'm
a white hat, I only looked at SYN packets enough to make this announcement."
Suddenly, we have 65 relieved looking people.  Then I added "But I have no
idea at all what people sitting out in the atrium are grabbing off the
wire" - and we had 65 worried looking people. ;)

I didn't see very many SYN packets on port 110 in the afternoon session. :)

Attachment: _bin
Description: