nanog mailing list archives

Re: The Cidr Report


From: Valdis.Kletnieks () vt edu
Date: Sun, 16 Oct 2011 14:56:29 -0400

On Sun, 16 Oct 2011 10:06:10 EDT, "William F. Maton Sotomayor" said:
> A similar thing was done at a USENIX in Monterey over a decade ago.  The
> point behind that one was to drive home how bad it was for the attendees
> to use telnet to their boxes at the mothership.  Nothing like seeing
> people watch their passwords put up on two screens to teach them about
> SSH.

Did something similar at a SANS-EDU class a few years back, maybe 300 or so
attendees.  The first morning, I ran several carefully crafted tcpdumps on the
wireless network to get just the SYN packets for telnet, ssh, rlogin/rsh, and
POP in cleartext and over SSL. Then just before class started up after lunch, I
announced the counts (was about 1/3 encrypted, 2/3 cleartext).

When the slide with the numbers hit the screen, a predictable 2/3 suddenly got
outraged "You have no right to grab our passwords/ that's irresponsible behavior
for a security professional/ etc". So I joked "See Randy, I *told* you we
wouldn't have to map from IP to MAC to conference registration to tell who they
were" which didn't help matters much. ;)  Then I tell them that yes, it *would*
be irresponsible for me to snarf passwords, so I only grabbed SYN packets.  The
room got quiet, till I added "but those random people sitting out in the atrium
aren't security professionals, and we have no control over whether they grab
passwords or not, so you probably want to change your passwords."

Sudden flurry of typing from 2/3 of the people.  "Over a secure channel, of course".

Sudden lack of typing and a lot of deer-in-headlights looks, and one voice from
the back of the room "Well played" ;)
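The post says only that the counts came from "carefully crafted tcpdumps" that grabbed "just the SYN packets" for telnet, ssh, rlogin/rsh and POP (plain and over SSL); it does not give the filters. The following is an added example, not Valdis's script, showing the responsible version of that measurement: a BPF expression that matches SYN-only segments (no SYN-ACK, no data) to those ports, and a header-only tally over a pcap that never reads a payload byte. The port list (telnet 23, ssh 22, rlogin 513, rsh 514, POP3 110, POP3S 995), the exact filter expression, and the capture file are my assumptions; the capture is constructed inline so the script runs offline.

```python
"""Count TCP SYNs per service from a pcap without ever touching payload.

Added example; not from the original post. The port mapping and the
constructed capture below are assumptions chosen to illustrate the post.
"""
import struct

# Services the post mentions, split the way the slide split them.
CLEARTEXT_PORTS = {23: "telnet", 513: "rlogin", 514: "rsh", 110: "pop3"}
ENCRYPTED_PORTS = {22: "ssh", 995: "pop3s"}
SYN, ACK = 0x02, 0x10
PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1


def bpf_filter():
    """tcpdump expression: initial SYNs only (SYN set, ACK clear) to the ports above.

    Equivalent capture: tcpdump -i <wlan> -nn -c 0 '<expression>' -w syns.pcap
    """
    ports = sorted(set(CLEARTEXT_PORTS) | set(ENCRYPTED_PORTS))
    port_expr = " or ".join(f"dst port {p}" for p in ports)
    return f"tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and ({port_expr})"


def make_frame(dst_port, flags=SYN, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (sample input, not a real capture)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)           # ethertype IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 5 << 4, flags,
                      65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian pcap (magic, v2.4, Ethernet link type)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_000_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_frames(pcap):
    """Yield captured frames from a little-endian Ethernet pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def syn_dst_port(frame):
    """Destination port if the frame is an IPv4 TCP SYN (not SYN-ACK), else None.

    Only fixed header fields are read; nothing past the TCP header is looked at,
    so a password in a telnet data segment is never even parsed.
    """
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    if frame[14] >> 4 != 4 or frame[14 + 9] != 6:          # IPv4 carrying TCP
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp + 14:
        return None
    if frame[tcp + 13] & (SYN | ACK) != SYN:                # initial SYN only
        return None
    return struct.unpack_from("!H", frame, tcp + 2)[0]


def tally(pcap):
    """Return ({'cleartext': n, 'encrypted': m}, {service: n, ...})."""
    totals = {"cleartext": 0, "encrypted": 0}
    per_service = {}
    for frame in iter_frames(pcap):
        port = syn_dst_port(frame)
        bucket = "cleartext" if port in CLEARTEXT_PORTS else \
                 "encrypted" if port in ENCRYPTED_PORTS else None
        if bucket is None:
            continue                                        # other traffic, ignored
        name = {**CLEARTEXT_PORTS, **ENCRYPTED_PORTS}[port]
        totals[bucket] += 1
        per_service[name] = per_service.get(name, 0) + 1
    return totals, per_service


# Constructed capture: six cleartext SYNs, three encrypted SYNs, plus noise that
# the SYN-only rule must ignore (a SYN-ACK, an HTTP SYN, a telnet data segment).
SAMPLE_PCAP = build_pcap(
    [make_frame(23)] * 4 + [make_frame(110), make_frame(514)]
    + [make_frame(22)] * 2 + [make_frame(995)]
    + [make_frame(22, flags=SYN | ACK), make_frame(80),
       make_frame(23, flags=ACK | 0x08, payload=b"hunter2\r\n")]
)

if __name__ == "__main__":
    print(bpf_filter())
    print(tally(SAMPLE_PCAP))   # ({'cleartext': 6, 'encrypted': 3}, {...})
```

Two design points worth keeping even if you drop the parser and just use tcpdump: match `tcp-syn` without `tcp-ack` so the server's SYN-ACK is not double-counted, and do not add `-A`, `-X` or a snaplen large enough to carry data, so the capture contains nothing a later reader could mine for credentials.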
