Penetration Testing mailing list archives

Re: [PEN-TEST] eMail auditing problem


From: "Brentlinger, Mike (ISS eServices)" <mbrentli () ISS NET>
Date: Wed, 13 Sep 2000 15:05:52 -0400

There are lots of tools that would grab SMTP mail traffic off the network.
As long as someone has access to the network and could see the mail traffic
going by a NIC they had access to, they could get the mail; there's no reason
why they have to compromise the mail server.

Check out some of these links for more info

drivers/tools for windows boxes
     http://netgroup-serv.polito.it/winpcap/misc/hot.htm

dsniff - tool to get passwords; there's also mention of "mailsnarf", which would
do just what you are talking about
     http://www.monkey.org/~dugsong/dsniff/

winsniff - a tool that would also do what you're talking about.
     http://server36.hypermart.net/winsniff/

Hope that was helpful
-Mike Brentlinger
 ISS Chicago

-----Original Message-----
From: Groh, Jens
To: PEN-TEST () SECURITYFOCUS COM
Sent: 9/13/00 8:16 AM
Subject: eMail auditing problem

Hi Folks,

As I'm new to the security scene, I have to ask you a question:

I've heard from a customer that he believes that all of his outgoing
mail is read by someone using an email sniffer! My
question now is: does that have to be server-side? I mean, can anyone use this
email sniffer, or has he or she already hacked the
outgoing mail server?

How is this to be done?
What programs?
What procedure?
How would you do that?

Thanx in advance,

Jens Groh
Hostmaster / Security
LPC GmbH
Germany

