Date:      Mon, 28 May 2001 09:16:27 -0400
From:      Bill Moran <wmoran@iowna.com>
To:        Mike Meredith <hmv@meredithm.fsnet.co.uk>
Cc:        questions@FreeBSD.ORG
Subject:   Re: security question
Message-ID:  <3B124FAB.34B6F018@iowna.com>
References:  <bulk.95613.20010527183351@hub.freebsd.org> <0105280941350A.00298@warlock.hmv.net>

Mike Meredith wrote:
> 
> > Basically, I set up three temporary machines (or set up a temp login
> > on one machine) We assume that I've cracked machine "A" and you then
> > log in to machine "B" via telnet from machine "C". I then show you
> > that I've sniffed your password and can now log into machine "B". To
> > increase the shock value, I can have you su to root via telnet, which
> > then gives me root access to machine "B".
> > (p.s. don't try this particular demo if you're running a switch
> > because it won't work.)
> 
> I might be repeating the obvious here, but a switched environment
> doesn't protect totally against sniffing. It just makes it slightly
> more difficult. Look for a utility called 'dsniff', and there are other
> tools to do the same job.

*sigh*
I didn't say, nor did I intend to insinuate, that a switching
environment was any protection from sniffing. I was simply pointing out
that if you try the particular demo (as described above) in a switching
environment, it would not work. This was intended to keep anyone green
who tried it from looking like a fool.
For those who are not very familiar with this situation:
A hub generally broadcasts all communication to all nodes on the hub.
A switch generally sends data only to the node it is intended for. This
is primarily for performance reasons, not security. While it does
provide some minor security improvement, it is really fairly negligible.
As Mike points out, even with a switch there are ways that you can sniff
passwords. The point of the original discussion is that communicating
via non-encrypted means allows easy access to the data you are
communicating to potential crackers. The particular example I gave above
is ONLY a simple way to demonstrate this to people who don't fully
understand. It's not intended to educate people on system security.
That's too extensive a topic to be covered in one demonstration.

-Bill
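
The hub-versus-switch forwarding behaviour described in the message above, as an added example that is not part of the original e-mail: a toy Python model in which the host names, port numbers and frame contents are constructed, and the `Hub`, `Switch`, `payloads_seen_at` and `demo` names are hypothetical. It also shows why the message says "generally": a learning switch still floods a frame whose destination it has not yet learned.

```python
# Added illustration: toy model of hub vs. learning-switch forwarding.
# Hosts, ports and payloads below are constructed for this example.

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}


class Switch:
    """Learns source address -> port and forwards only to the learned port."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}

    def forward(self, in_port, src, dst):
        self.table[src] = in_port              # learn where src is attached
        if dst in self.table:
            return {self.table[dst]} - {in_port}
        return self.ports - {in_port}          # destination not learned: flood


def payloads_seen_at(device, frames, observer_port):
    """Return the payloads of all frames the device delivers to observer_port."""
    seen = []
    for in_port, src, dst, payload in frames:
        if observer_port in device.forward(in_port, src, dst):
            seen.append(payload)
    return seen


# Constructed telnet-like exchange: C (port 3) logs in to B (port 2).
# Machine A sits on port 1 and only listens.
FRAMES = [
    (3, "C", "B", "SYN"),
    (2, "B", "C", "SYN-ACK"),
    (3, "C", "B", "login: user"),
    (3, "C", "B", "password: <cleartext>"),
    (2, "B", "C", "shell prompt"),
]

def demo():
    """Compare what port 1 receives behind a hub and behind a switch."""
    hub_seen = payloads_seen_at(Hub([1, 2, 3]), FRAMES, observer_port=1)
    switch_seen = payloads_seen_at(Switch([1, 2, 3]), FRAMES, observer_port=1)
    return hub_seen, switch_seen
```

Behind the hub, port 1 receives every frame of the cleartext session; behind the switch it receives only the first frame, which was flooded before B's port was learned. Neither result changes the point of the thread, which is that the session itself should be encrypted.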

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B124FAB.34B6F018>