
RE: [cobalt-security] re: Telnet security



> > > If you login through *telnet* over a public network, you 
> > > have a lot to worry about! Telnet is so insecure, people can
> > > just sniff your password to get into your box... (no hacking needed)
> >
> > >Which people are those who can sniff your password?  
> > >Network administrators and such,

They can do, and there's no reason why you should trust them not to use it
maliciously.

Of course there is no reason for them to do this intentionally; the packets
may just get logged while they're carrying out general network diagnostics.
And if their monitoring facilities are insecure a malicious third party may
compromise their network monitoring systems and exploit the data found
within.

Or a Security team, on wherever you're connecting from or connecting to, may
monitor your telnet connection as part of their network monitoring, or pick
up the traffic in a NIDS ( Network Intrusion Detection System ) that's
looking out for attempted telnets inbound or outbound.  And as before, if
their facilities are compromised a malicious third party can make use of the
data.

> > > but how does an 'ordinary' user watch the internet promiscuously?

> Ordinary hackers (or crackers, or whatever you choose to call 
> them) do so routinely. You hack a box, put the interface into
> promiscuous mode, and set up an account sniffer like LinSniff on that
> hub. If it *is* in fact a hub. In case of a switched port, you would just
> see those login attempts originating from or going to the hacked box...
> which is just as bad if you roam between different machines a lot.

It wouldn't necessarily see just the packets to and from the host itself.
DSniff and other software ( AFAIK ) can play games with switches and cause
them to either redirect traffic from another box on the switch to the box
the hacker has compromised, or cause the switch to act like a hub and so
make the setting of promiscuous mode more rewarding.

Or the switch itself can be compromised and the hacker sets the relevant
port to "debug" or "mirror" mode, so all traffic going through the switch is
passed down it, so the compromised host listening in promiscuous mode can
pick up on your password as it goes past.

Are you afraid yet?

-- 
Nick Drage - Security Architecture - Demon Internet - Thus PLC
As of Wed 25/04/2001 at  9:00 
This computer has been up for 0 days, 15 hours, 28 minutes, 31 seconds.
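
Added example, not part of the original post: a defender-side check for the two switch tricks described above, assuming they correspond to ARP cache poisoning (traffic for another box redirected to the compromised one) and MAC table flooding (the switch falling back to hub-like behaviour). The observation records, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges), not from the post.
# ARP replies seen on the segment: (seconds, claimed IP, sender MAC)
ARP_REPLIES = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),
    (5, "192.0.2.20", "00:00:5e:00:53:20"),
    (9, "192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP claimed by a new MAC
    (10, "192.0.2.1", "00:00:5e:00:53:66"),
]
# Switch MAC-learning events: (seconds, port, newly learned source MAC)
MAC_LEARNS = [(1, "port1", "00:00:5e:00:53:01"), (5, "port2", "00:00:5e:00:53:20")] + [
    (20 + i // 100, "port3", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF))
    for i in range(300)  # constructed burst of 300 source MACs on one port
]

def arp_binding_changes(replies):
    """Return (time, ip, old_mac, new_mac) each time an IP moves to a different MAC."""
    seen, alerts = {}, []
    for ts, ip, mac in sorted(replies):
        old = seen.get(ip)
        if old is not None and old != mac:
            alerts.append((ts, ip, old, mac))
        seen[ip] = mac
    return alerts

def mac_flood_ports(learns, window=10, threshold=50):
    """Return ports that learned more than `threshold` distinct MACs in `window` seconds."""
    by_port = defaultdict(list)
    for ts, port, mac in sorted(learns):
        by_port[port].append((ts, mac))
    flagged = set()
    for port, events in by_port.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({m for _, m in events[start:end + 1]}) > threshold:
                flagged.add(port)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for alert in arp_binding_changes(ARP_REPLIES):
        print("ARP binding changed:", alert)
    print("Ports with MAC learning bursts:", mac_flood_ports(MAC_LEARNS))
```

A binding change is not proof of spoofing on its own (DHCP reassignment and failover pairs also cause it), so alerts for gateway and server addresses deserve the most attention.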