Sniffing the traffic is trivial, even on a switched network. ARP flood the
switch (any vendor's switch) and it will 'fail-open'...that means that it
will act like a hub and broadcast to all ports. Use ssh - and make sure it's
the most recent version of ssh. Don't think for a second that a switched
network brings with it any hint of security. Like I said, it takes about 20
lines of C code to 'fail-open' your switch - once that happens, you can
sniff from any node on the segment.

Chris

-----Original Message-----
From: Trevor Cushen [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 10:03 AM
To: [EMAIL PROTECTED]
Subject: Is SSH worth it??


Hello all,

Quick opinion-based question.  I have a switched internal network that
currently uses a lot of rcp with rsh authentication to move files
about.  Platforms are unix and nt (ftp on the nt side).

More secure is ssh and scp for all platforms, but I have several scripts
that would all have to be re-written and a fair bit of setting up for
all the clients and servers involved throughout the organisation.

The question is this:

On an internal network that is switched (making sniffing harder) is it
worth going to SSH and SCP??????

I am aware how to set it all up but the thing is, is it worth it.  Bear
in mind also that few people have passwords to the boxes and the only
real threat is sniffing the traffic.

All opinions welcome,
thanks

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
