Re: Packet sniffing & regular users

2005-03-04 Thread Brian Kim
Okay, I'm all set now. Thank you all for the help and don't let this msg stop the discussion if you all wish to continue it. -- "As a result of the war, corporations have been enthroned and an era of corruption in high places will follow, and the money power of the country will endeavor to prolon

Re: Packet sniffing & regular users

2005-03-03 Thread Geoff Crompton
Duncan Simpson wrote: BTW I think you might be able to detect promiscuous mode with a raw socket (at least on non-switched ethernet). If I send a ping packet to 192.168.1.42 using the wrong ethernet address then a response implies promiscuous mode because otherwise the interface would have dropped th

Re: Packet sniffing & regular users

2005-03-03 Thread Duncan Simpson
On Thu, 2005-03-03 at 11:54, David Mandelberg wrote: > Physical access means they can touch the machine. Local access means they can > log into the machine. Often local access is further restricted to mean they > can > log in and get a real shell (i.e. the shell isn't /usr/sbin/pppd). I tend to p

Re: Packet sniffing & regular users

2005-03-03 Thread Alvin Oga
On Thu, 3 Mar 2005, David Mandelberg wrote: > Alvin Oga wrote: > > ah .. good point ... i make no distinction between "local access" > > vs "physical access" in that if the server is behind the locked > > door, it'd be better than if it's on the corp server in the next > > open cubicle on the sam

Re: Packet sniffing & regular users

2005-03-03 Thread Felipe Augusto van de Wiel (faw)
Michael Stone wrote: :: On Wed, Mar 02, 2005 at 04:19:50PM -0300, Felipe :: Augusto van de Wiel (faw) wrote: I don't exactly, but, if you already allow your users to use sudo/su solutions, why are you trying to change it and... if

Re: Packet sniffing & regular users

2005-03-03 Thread David Mandelberg
Alvin Oga wrote: > ah .. good point ... i make no distinction between "local access" > vs "physical access" in that if the server is behind the locked > door, it'd be better than if it's on the corp server in the next > open cubicle on the same cat 5 wires, hubs and switches etc Physical access mea

Re: Packet sniffing & regular users

2005-03-03 Thread Alvin Oga
On Wed, 2 Mar 2005, s. keeling wrote: > Incoming from Alvin Oga: > > > > On Wed, 2 Mar 2005, David Mandelberg wrote: > > > > > s. keeling wrote: > > > > Isn't it generally accepted that black hats who get local access (ie., > > > > a user login account) is _much_ worse than black hats who've b

Re: Packet sniffing & regular users

2005-03-03 Thread Alvin Oga
On Wed, 2 Mar 2005, David Mandelberg wrote: > Alvin Oga wrote: > > no more telnet, no more pop3, no more wireless, no more > > anything that is insecure > Those are not insecure: using them unwisely is. Telnet over a VPN is just as > secure as ssh with password authentication. The same g

Re: Packet sniffing & regular users

2005-03-03 Thread Adrian von Bidder
On Wednesday 02 March 2005 18.57, s. keeling wrote: > Incoming from Brian Kim: > > [snip] > > solution, what sorts of security concerns does it present, aside from > > the obvious "anyone can see anything" sort of concern? > > Do you understand what "anyone can see anything" really means? Have > y

Re: Packet sniffing & regular users

2005-03-02 Thread s. keeling
Incoming from Alvin Oga: > > On Wed, 2 Mar 2005, David Mandelberg wrote: > > > s. keeling wrote: > > > Isn't it generally accepted that black hats who get local access (ie., > > > a user login account) is _much_ worse than black hats who've been kept > > anybody and everybody has "local access"

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
Alvin Oga wrote: > no more telnet, no more pop3, no more wireless, no more > anything that is insecure Those are not insecure: using them unwisely is. Telnet over a VPN is just as secure as ssh with password authentication. The same goes for pop3/pop3s. Wireless is completely different

Re: Packet sniffing & regular users

2005-03-02 Thread Alvin Oga
On Wed, 2 Mar 2005, David Mandelberg wrote: > s. keeling wrote: > > Isn't it generally accepted that black hats who get local access (ie., > > a user login account) is _much_ worse than black hats who've been kept anybody and everybody has "local access" with or without permission > > out? Ass

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: > Isn't it generally accepted that black hats who get local access (ie., > a user login account) is _much_ worse than black hats who've been kept > out? Assuming black hat wants root, taking over a user's account is a > very big first step. > > I would take the security of your u

Re: Packet sniffing & regular users

2005-03-02 Thread Scott Edwards
> On Wed, Mar 02, 2005 at 04:14:51PM -0500, Brian Kim wrote: > | Getting back to the problem at hand, is it required to be a superuser > | in order to listen to all traffic coming in on a NIC? (I've always when binding to the NIC, yes. > | believed yes, but I'm just making sure here) And is i

Re: Packet sniffing & regular users

2005-03-02 Thread s. keeling
Incoming from David Mandelberg: > s. keeling wrote: > > "... should be" != "are." Are you sure no-one there's using telnet, > > ftp, & etc? > Allowing > network > sniffing is just another good incentive not to send confidential data

Re: Packet sniffing & regular users

2005-03-02 Thread Zane Dodson
Hello Brian, On Wed, Mar 02, 2005 at 04:14:51PM -0500, Brian Kim wrote: | Getting back to the problem at hand, is it required to be a superuser | in order to listen to all traffic coming in on a NIC? (I've always | believed yes, but I'm just making sure here) And is it possible to | drop a NI

Re: Packet sniffing & regular users

2005-03-02 Thread Brian Kim
Ok, to clarify questions I've seen. =-) I don't care about users being able to see all traffic on the wire. That's not of any concern since all critical traffic is already encrypted and is nice and safe. I'm trying to play with a network tool (VoIPong) that listens for all traffic on a NIC. Unfortu

Re: Packet sniffing & regular users

2005-03-02 Thread Michael Stone
On Wed, Mar 02, 2005 at 04:19:50PM -0300, Felipe Augusto van de Wiel (faw) wrote: I don't exactly, but, if you already allow your users to use sudo/su solutions, why are you trying to change it and... if you are planning to use any "non encrypted" authentication protocol over the network, y

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: > "... should be" != "are." Are you sure no-one there's using telnet, > ftp, & etc? If they send their confidential data unencrypted, that's not my fault, and there's not much I can do to stop them (even if I somehow make it impossible on my computers, they could still go to a li

Re: Packet sniffing & regular users

2005-03-02 Thread s. keeling
Incoming from David Mandelberg: > s. keeling wrote: > > Do you understand what "anyone can see anything" really means? Have > > you pumped tcpdump output into ethereal lately? > > > > "anyone can see anything" really means "anyone can see anything". > > Think about it. And what's the real reason

Re: Packet sniffing & regular users

2005-03-02 Thread Noah Meyerhans
On Wed, Mar 02, 2005 at 08:34:44PM +0100, martin f krafft wrote: > > Sounds like a job for user-mode-linux. > > Sounds like overkill. "When the only tool you have is a hammer, everything looks like a nail" noah

Re: Packet sniffing & regular users

2005-03-02 Thread martin f krafft
thus spoke Scott Edwards <[EMAIL PROTECTED]> [2005.03.02.2026 +0100]: > > I'd like to give regular users the ability to sniff packets (and > > possibly drop the NIC into promiscuous mode?), without having to deal > > with sudo or su. How could I go about doing this? And if you provide a > > soluti

Re: Packet sniffing & regular users

2005-03-02 Thread Scott Edwards
On Wed, 2 Mar 2005 12:02:47 -0500, Brian Kim <[EMAIL PROTECTED]> wrote: > I'd like to give regular users the ability to sniff packets (and > possibly drop the NIC into promiscuous mode?), without having to deal > with sudo or su. How could I go about doing this? And if you provide a > solution, wha

Re: Packet sniffing & regular users

2005-03-02 Thread Felipe Augusto van de Wiel (faw)
Hi, Brian Kim wrote: :: Hello all, :: I'd like to give regular users the ability to sniff :: packets (and possibly drop the NIC into promiscuous :: mode?), without having to deal with sudo or su. How :: could I go about doing this? And if you provide

Re: Packet sniffing & regular users

2005-03-02 Thread martin f krafft
thus spoke Brian Kim <[EMAIL PROTECTED]> [2005.03.02.1802 +0100]: > I'd like to give regular users the ability to sniff packets (and > possibly drop the NIC into promiscuous mode?), without having to > deal with sudo or su. How could I go about doing this? And if you > provide a solution, what sor

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: > Do you understand what "anyone can see anything" really means? Have > you pumped tcpdump output into ethereal lately? > > "anyone can see anything" really means "anyone can see anything". > Think about it. And what's the real reason why you don't want to > bother with sudo? I'

Re: Packet sniffing & regular users

2005-03-02 Thread s. keeling
Incoming from Brian Kim: > [snip] > solution, what sorts of security concerns does it present, aside from > the obvious "anyone can see anything" sort of concern? Do you understand what "anyone can see anything" really means? Have you pumped tcpdump output into ethereal lately? "anyone can see a

Packet sniffing & regular users

2005-03-02 Thread Brian Kim
Hello all, I'd like to give regular users the ability to sniff packets (and possibly drop the NIC into promiscuous mode?), without having to deal with sudo or su. How could I go about doing this? And if you provide a solution, what sorts of security concerns does it present, aside from the obvious