Penetration Testing mailing list archives

Re: [PEN-TEST] OT - How secure is an ISDN line?

From: Vitaly McLain <twistah () DATASURGE NET>
Date: Wed, 18 Oct 2000 21:13:07 -0500

Hi,

While I know nothing about ISDN, the general comment is this: it's not the
connection, it's the protocol traveling over the connection. Anything
transmitted in clear-text is sniffable. This includes POP3, Telnet sessions
and many other common protocols. Using SSH (Secure SHell), or tunneling
through it, makes the connection safe from sniffers.

To find out how safe/unsafe your network is, you have to do some sniffing
around on your own. Get a sniffer that will pickup whole packets (ngrep,
ngrep.datasurge.net) and something that could reassemble/replay connections
(Ethereal, ethereal.zing.org). The most important tool for you, IMHO, is Dug
Song's dsniff (www.monkey.org/~dugsong/dsniff). This is a sniffer which will
parse our passwords from sniffed data. It supports /many/ protocols.
Download it, compile it, run it and see what you pick up.

Vitaly McLain
twistah () datasurge net

Current thread:

[PEN-TEST] OT - How secure is an ISDN line? David Fox (Oct 18)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Vitaly McLain (Oct 18)
  - [PEN-TEST] Lotus Notes ID Files Ansar Mohammed (Oct 19)
    - Re: [PEN-TEST] Lotus Notes ID Files Patrick Mueller (Oct 21)
- Re: [PEN-TEST] OT - How secure is an ISDN line? van der Kooij, Hugo (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? JLJ (Oct 19)
  - Re: [PEN-TEST] OT - How secure is an ISDN line? Cold Fire (Oct 20)
    - Re: [PEN-TEST] OT - How secure is an ISDN line? Peter Van Epp (Oct 20)
    - Re: [PEN-TEST] OT - How secure is an ISDN line? van der Kooij, Hugo (Oct 20)
- <Possible follow-ups>
- Re: [PEN-TEST] OT - How secure is an ISDN line? Clem Colman (Oct 19)
  - Re: [PEN-TEST] OT - How secure is an ISDN line? Kris Carlier (Oct 19)
    - Re: [PEN-TEST] OT - How secure is an ISDN line? van der Kooij, Hugo (Oct 20)

(Thread continues...)