Penetration Testing mailing list archives
Re: [PEN-TEST] OT - How secure is an ISDN line?
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Thu, 19 Oct 2000 08:56:18 -0500
ISDN is a point-to-point link that's handled through the Telco. In essence, it's just as secure as a PPP connection over your telephone line. You are not placed on a "virtual LAN" or any anything of the sort (which is one of the biggest problems with today's xDSL and Cable Modems.) In most cases, ISDN is considered to be one of the most secure medium-bandwidth links available. The same holds true that you should be doing encryption over the link (can be done with VPN appliances or software.) There isn't really much difference between ISDN and a T1 or T3 connection, security wise. Anyone who can place a host en route to the destination can sniff the traffic. This includes route manipulation, or malicious activity at the Service Provider or Backbone level. --Noah Dunker Network Security Engineer / Piranha Team FishNet Security -----Original Message----- From: Vitaly McLain [mailto:twistah () DATASURGE NET] Sent: Wednesday, October 18, 2000 9:13 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: OT - How secure is an ISDN line? Hi, While I know nothing about ISDN, the general comment is this: it's not the connection, it's the protocol traveling over the connection. Anything transmitted in clear-text is sniffable. This includes POP3, Telnet sessions and many other common protocols. Using SSH (Secure SHell), or tunneling through it, makes the connection safe from sniffers. To find out how safe/unsafe your network is, you have to do some sniffing around on your own. Get a sniffer that will pickup whole packets (ngrep, ngrep.datasurge.net) and something that could reassemble/replay connections (Ethereal, ethereal.zing.org). The most important tool for you, IMHO, is Dug Song's dsniff (www.monkey.org/~dugsong/dsniff). This is a sniffer which will parse our passwords from sniffed data. It supports /many/ protocols. Download it, compile it, run it and see what you pick up. Vitaly McLain twistah () datasurge net
Current thread:
- [PEN-TEST] Lotus Notes ID Files, (continued)
- [PEN-TEST] Lotus Notes ID Files Ansar Mohammed (Oct 19)
- Re: [PEN-TEST] Lotus Notes ID Files Patrick Mueller (Oct 21)
- [PEN-TEST] Lotus Notes ID Files Ansar Mohammed (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? van der Kooij, Hugo (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? JLJ (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Cold Fire (Oct 20)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Peter Van Epp (Oct 20)
- Re: [PEN-TEST] OT - How secure is an ISDN line? van der Kooij, Hugo (Oct 20)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Cold Fire (Oct 20)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Clem Colman (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Kris Carlier (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? van der Kooij, Hugo (Oct 20)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Kris Carlier (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Dunker, Noah (Oct 19)
- Re: [PEN-TEST] OT - How secure is an ISDN line? Knowledgebase i-Net Security (Oct 19)
- [PEN-TEST] OT - How secure is an ISDN line? Dave Cowen (Oct 20)
- Re: [PEN-TEST] OT - How secure is an ISDN line? John Brand (Oct 24)
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Talisker (Oct 25)
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs van der Kooij, Hugo (Oct 25)
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Peter Gamache (Oct 25)
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Carson Gaspar (Oct 26)
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Talisker (Oct 26)
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Talisker (Oct 25)