Penetration Testing mailing list archives
Re: [PEN-TEST] eMail auditing problem
From: Erik Tayler <nine () 14X NET>
Date: Wed, 13 Sep 2000 15:56:50 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just to clarify (and try not to seem picky), the sniffer doesn't need to reside "between the source of the email and the destination". It can reside on the server sending mail, or the server receiving mail, as well as anything in-between. Just seemed like something was left out. Erik Tayler http://www.14x.net/fx - -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Justin Schaefer Sent: Wednesday, September 13, 2000 12:05 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: eMail auditing problem in order to sniff someones email, the person sniffing would need root access on a machine between the source of the email and the destination. the person would then run a packet sniffer, like dsniff or snoop, and filter the input, to only see what they wanted to see. If you are sure this is happening, traceroute from your mail server to a destination where your client believes his mail is being read. Start by checkign out all machines on your local network for unusual traffic/programs/users logged in etc... and search the drives fro files that shouldnt be there. logs.. etc. then move on to the next hop in the traceroute. Once you have gone as far as you can in this manner, and you can confirm that the email is being raed, it may be time to start alerting admins at other isps, or carriers. Just keep following the traceroute, until you find him. Chances are however, that it is somewhere on your clients network. - -Justin - -----Original Message----- From: Groh, Jens [mailto:jgroh () LPC-COMPUTER DE] Sent: Wednesday, September 13, 2000 8:17 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] eMail auditing problem Hi Folks, as I'm new to the security scene I have to ask you a questions: I've heard from a customer, that he believes, that all of his outgoing mail is read by someone using an email sniffer! My question now is: has that to be server sided? I mean can anyone use this email sniffer or has he or she already hacked the outgoing mail server? How is this to be done? What programms? What procedure? How would you do that? Thanx in advance, Jens Groh Hostmaster / Security LPC GmbH Germany -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOb/qEE0pQlPl0B0AEQKSEgCfZgbW62buQ0qozRfWnKgwPmWqlqsAoJah X36PAG7Od/kT8tofXQxylL5p =+/GD -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] eMail auditing problem Groh, Jens (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Nicolas Gregoire (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Mathew Bevan (Sep 13)
- Re: [PEN-TEST] eMail auditing problem DA Smith (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Mathew Bevan (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Jose Nazario (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Karyn Pichnarczyk (Sep 13)
- <Possible follow-ups>
- Re: [PEN-TEST] eMail auditing problem Justin Schaefer (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Erik Tayler (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Jan Muenther (Sep 14)
- Re: [PEN-TEST] eMail auditing problem pete (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Erik Tayler (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Brentlinger, Mike (ISS eServices) (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Dunker, Noah (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Oxenreider, Jeff (Sep 13)
- Re: [PEN-TEST] eMail auditing problem Talisker (Sep 14)
- Re: [PEN-TEST] eMail auditing problem Nicolas Gregoire (Sep 13)