Penetration Testing mailing list archives
Re: [PEN-TEST] eMail auditing problem
From: Karyn Pichnarczyk <karyn () SANDSTORM NET>
Date: Wed, 13 Sep 2000 13:06:11 -0400
I've heard from a customer, that he believes, that all of his outgoing mail is read by someone using an email sniffer! My question now is: has that to be server sided? I mean can anyone use this email sniffer or has he or she already hacked the outgoing mail server?
I'm sure others on this list will send you many technical, detailed plans on how to see if his mail is being intercepted, but I'm going to propose a simple plan that should be checked in any case. Depending on the technical level of the customer, ensure that the customer has checked the /etc/aliases file (or other such mailing list engine of his mail server) to see if his mail is being forwarded to any aliases/mailing lists other than just himself. Also check for any automatic forwarding mechanisms his personal computer may have implemented, which are different for any mail client he may have. And then do all the other things everyone on this list will recommend. Karyn Pichnarczyk Sandstorm Enterprises, Inc.
Current thread:
- [PEN-TEST] eMail auditing problem Groh, Jens (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Nicolas Gregoire (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Mathew Bevan (Sep 13)
- Re: [PEN-TEST] eMail auditing problem DA Smith (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Mathew Bevan (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Jose Nazario (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Karyn Pichnarczyk (Sep 13)
- <Possible follow-ups>
- Re: [PEN-TEST] eMail auditing problem Justin Schaefer (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Erik Tayler (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Jan Muenther (Sep 14)
- Re: [PEN-TEST] eMail auditing problem pete (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Erik Tayler (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Brentlinger, Mike (ISS eServices) (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Dunker, Noah (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Oxenreider, Jeff (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Talisker (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Nicolas Gregoire (Sep 13)