>From: mouss [mailto:[EMAIL PROTECTED]]
>>Every time I show a Solaris "snoop" session (packet sniffer) and have someone
>>telnet, they, too, cannot believe their eyes how easy it is to grab
>>passwords off the wire...
>>Jeff
>
>
>This is exaggerated though.
>normally, you need root access to sniff packets, well, at least on
>respectable OSes.
True, and for Internet connectivity this is somewhat tougher, but it is not
exaggerated on the internal, local LAN.
So many times I have seen unencrypted passwords (including root) on my local
lan, and we all know how easy it is to get a *nix box on the lan with root.
Switched networks help this problem by isolating traffic, but they are not
100% completely safe either.
>in the discussed case, unless someone manages to run a packet sniffer on
>one of the firewalls or on the webserver, there is no way to sniff the passwords.
Unless you sniff it at the _other_ end of the connection (i.e. the local LAN
side).
<caveat: I didn't keep up on the discussed case as mentioned, I thought it
was about Ronneil seeing plaintext passwords on his LAN, sorry if I went too
far off topic.>
Jeff