At 09:49 30/08/00 -0500, Behm, Jeffrey L. wrote:
>Oh...yeah....another convertee to the dark side...
>everytime I show a Solaris "snoop" session (packet sniffer) and have someone
>telnet, they, too, cannot believe their eyes how easy it is to grab
>passwords off the wire...
>Jeff
This is exagerated though.
normally, you need root access to sniff packets, well, at least on
respectable OSes.
but let's forget about it, since everyone may be root somehow.
you can only sniff packets travelling in lines physically connected to you.
You can harldy
ethersuck the other side of the moon.
in the discussed case, unless someone manages to run a packet sniffer on
one of the firewalls
or on the webserver, there is no way to sniff the passwords.
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
