On 14 Nov 2001 at 12:17, Brian E wrote: > Mailer: SecurityFocus > > What is required to capture packets over a dialup > PPP connection? > > I expect a wiretap would be needed first. Who can > actually do this? What is required to do this? > > How would you capture packets? Are there special > tools or software to do this over an analog phoneline? > > I am trying to understand the risk of not encrypting > data over a dialup PPP connection to a private > network.
Hello, I am interested in this subject, too. I have not found too much information about this until now. AFAIK, provided you trust both ends of the PPP connection, the only way would be to tap the wire. I don't know where you live and what telephone infrastructure exists outside of Germany, but here in Germany 99% of the phone network is digital, for new installations and bigger houses fiberoptic cable is used, only the last few metres from the phone jacks to an access point somewhere in the cellar of the house use traditional analog copper wire. That's why ISDN and DSL are quite popular in Germany. This makes it very hard to tap the wire physically, let alone decode the protocols on the backbones that multiplex 1000+ phone calls on a single fiber. I assume that under these circumstances, only someone working in a telecomm company or with access to this equipment (Government institutions) could do something like this. You should probably concentrate more on secure authentication. If someone could dial into your network who shouldn't, this would be far easier than tap the wire. Bye, Andreas
