Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sniffing packets between Outlook and Exchange

From: kam () aversion net
Date: Tue, 11 Dec 2001 10:23:17 -0600
On Tue, Dec 11, 2001 at 08:02:01AM -0500, Harrington, Chris said sometin like...

All,
 
In an environment with Outlook 2000 acting as an Exchange client (no POP),
is it possible to sniff the email traffic between the them?? If so, are
there any resources on preventing this?


Yes, use a switch instead of a hub. 

If you're already using a switch, it's possible to sniff a switched network,
but very difficult, especially remotly.

If you have any form for RAS or VPN, make sure no one has unauthorized
access to these devices. 

You may also encrypt your emails leaving outlook from all clients. Encrypted
email is stored on the exchange server still encrypted (assuming you're
using PGP) and will stay encrypted until the actual reciver gets the
message, at which point it will be decrypted by the recipient. 
 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: