To remotely sniff someone's internet traffic, you have to either compromise a box on (with a view of, i.e. sharing a broadcast domain or a weak switch with) the path that the bits would naturally take, or else you need to redirect the bits to pass by your sniffer before they complete their trip.
In the first category of attack would be a very commonplace and routine happening, when ISPs have weakly-secured machines, they get taken over, and everybody has to change their password, ick. This category would also contain currently more obscure (AFAIK) possibilities, like directly attacking a backbone provider's monitoring tools.
In the latter category of re-routing the traffic to run under your nose, there'd be the routine DNS hacks, where you'd put up a proxy that forwards to the real server, and there'd be even more exotic taking over backbone routers and re-routing so you become part of the transit path.
I doubt any of these are impossible. I strongly suspect that burglary of poorly-secured ISP random servers near one or the other endpoints of the conversation accounts for the vast majority of real internet sniffing that's done today. When script-kiddie kits are written to burgle and rootkit IOS, we may see a new complexion on things. Of course, unless these burglary kits are exclusively used by people who are experts at internet routing (thin on the ground, they) it's kinda moot, when we get a widely-distributed exploit of IOS we can probably expect a nice long vacation until the internet is completely reassembled from scratch. The only saving grace is that we could do it with pieces we have lying around the kitchen. Thank Cthulhu we've not fallen off Moore's law yet.
Back to internet sniffing, I'd guess your odds of being a victim at any given moment in time aren't that great today, but they're definitely big enough that I don't use unencrypted protocols over the internet to access anything that requires authentication, unless I truly don't care about its security (==free-subscription websites).
-Bennett