Message-ID: <3B124FAB.34B6F018@iowna.com>
Date: Mon, 28 May 2001 09:16:27 -0400
From: Bill Moran
To: Mike Meredith
Cc: questions@FreeBSD.ORG
Subject: Re: security question
References: <0105280941350A.00298@warlock.hmv.net>

Mike Meredith wrote:
>
> > Basically, I set up three temporary machines (or set up a temp login
> > on one machine) We assume that I've cracked machine "A" and you then
> > log in to machine "B" via telnet from machine "C". I then show you
> > that I've sniffed your password and can now log into machine "B". To
> > increase the shock value, I can have you su to root via telnet, which
> > then gives me root access to machine "B".
> > (p.s. don't try this particular demo if you're running a switch
> > because it won't work.)
>
> I might be repeating the obvious here, but a switched environment
> doesn't protect totally against sniffing. It just makes it slightly
> more difficult. Look for a utility called 'dsniff', and there are other
> tools to do the same job.

*sigh* I didn't say, nor did I intend to insinuate, that a switching
environment was any protection from sniffing.
I was simply pointing out that if you try the particular demo (as
described above) in a switching environment, it would not work. This
was intended to keep anyone green who tried it from looking like a fool.

For those who are not very familiar with this situation:
A hub generally broadcasts all communication to all nodes on the hub.
A switch generally sends data only to the node it is intended for. This
is primarily for performance reasons, not security. While it does
provide some minor security improvement, it is really fairly negligible.
As Mike points out, even with a switch there are ways that you can sniff
passwords.

The point of the original discussion is that communicating via
non-encrypted means allows easy access to the data you are communicating
to potential crackers.

The particular example I gave above is ONLY a simple way to demonstrate
this to people who don't fully understand. It's not intended to educate
people on system security. That's too extensive a topic to be covered in
one demonstration.

-Bill