Security Basics mailing list archives
RE: Sniffing emails - how?
From: "Dahate, Pramod" <Pramod.Dahate () getronics com>
Date: Thu, 18 Nov 2004 09:05:44 +1100
Hi Yes softwares like the one from surfcontrol email filter watch all the mails and you can see that enterprise emails going to the internet can be seen in clear.But as Clement it is because these machines sit on the gateway and hence all traffice is passing through it or being forwarded to it by the enterprise email system for out going or it acts as an incoming smtp server.I used to know someproduct which used to integrate with the windows enviornment.It was called Sessionwall III.I do not know if its still around. regards Pramod Dahate(MCSE,CCNA,CCSA,CISSP) Security Analyst Network Management Centre Getronics Australia Pty Limited Getronics combines the service capabilities of the original Dutch company with those of Wang Global, acquired in 1999, and of the Olivetti systems and services division. We are ranked second worldwide in network and desktop outsourcing and fourth in network consulting and integration (Source: IDC 2002-2003). 2 Minna Close Belrose NSW 2085 Australia Tel: +61 2 9847 7680 Fax:+61 2 9847 7774 cell:+61 04 11 074 256(o) cell:+61 04 31 453 014(p) Email: pramod.dahate () getronics com ICT Security | Network Integration Services | Network & Desktop Outsourcing | Application Integration & Management www.getronics.com.au Please note that whilst we take all care, neither Getronics nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. -----Original Message----- From: Clement Dupuis [mailto:cdupuis () cccure org] Sent: Wednesday, 17 November 2004 07:57 To: 'Derek Fountain'; ':' Subject: RE: Sniffing emails - how? Good day Derek, Your reflexion on the problem below is showing that you have taught about this for a while. You are correct, within the confine of your internal networks it would mean that you have someone who is maliciously attempting to collect all of the traffic on your local network, this is trivial to do and lots of tools are available to help you do it even in a switched environment. To be very effective, he has to be on the same subnet or within your wiring closet :-) As far as being able to do this on the internet, any of the gateways you navigate through could do this if they wanted to. This is not very likely but there is always a possibility that someone is bored and will take a look at traffic passing through. Do a traceroute and you will see the multiple points where this could be done. Personnaly, I do like to treat unencrypted emails the same as a postcard. Anything I would not write in a postcard, I will not write into an email. Take care Clement Clement Dupuis Security Evangelist and Educator cdupuis () cccure org The CISSP and SSCP Open Study Guides Web Site http://www.cccure.org The Professional Security Testers Warehouse http://www.professionalsecuritytesters.org ------------------------------------ -----Original Message----- From: Derek Fountain [mailto:dflists () iinet net au] Sent: Friday, November 12, 2004 9:50 PM To: : Subject: Sniffing emails - how? Reading the archives of this and other lists, I occasionally come across quotes like this (from the WebApp list in this case): "2/ That sending a user's password in clear text over email systems is a secure method; inappropriate for most sites. For example, an attacker could provoke the password recovery procedure for his colleague and sniff the email containing the password with relative ease." Am I correct in thinking that this is only a real problem when an attacker has access to the same network as the email recipient? Or is this kind of sniffing possible across the internet in general?
Current thread:
- Sniffing emails - how? Derek Fountain (Nov 15)
- Re: Sniffing emails - how? Jonathan Kline (Nov 16)
- Re: Sniffing emails - how? xyberpix (Nov 16)
- RE: Sniffing emails - how? Clement Dupuis (Nov 16)
- <Possible follow-ups>
- Re: Sniffing emails - how? miguel . dilaj (Nov 16)
- RE: Sniffing emails - how? Justin Acquaro (Nov 16)
- RE: Sniffing emails - how? Dahate, Pramod (Nov 17)
- RE: Sniffing emails - how? Clement Dupuis (Nov 18)