If there's a risk that John Doe could gain access to the NT and Unix
systems where the sniffer software is running, then this does seem very
unsafe. It would be better to run sniffer software on a machine that is not
capable of supporting multiple users and doesn't support remote access.
Sniffer users that know what they are doing can learn a huge amount of
information, including passwords, confidential data, etc. Both FTP and
Telnet use unencrypted passwords. This may not seem like a big deal except
that many people use that same password for access to confidential database
files. In addition to passwords, the sniffer user is going to see realms of
other data that could be confidential. (Once while teaching an onsite
Sniffer class, I noticed that an executive for the company was printing a
contract to sell the company.)
Running sniffer software on a shared machine is asking for trouble unless
you are really sure a hacker isn't going to get into that machine.
Priscilla
At 05:39 PM 8/21/01, Subba Rao wrote:
>Hi,
>
>We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet
>interfaces
>on both the systems in promiscuous mode. Currently we are not worried about
>any local
>users on the system. Are there any threats from remote users on the
>promiscuous interface,
>on either system? When I say "remote users", I am talking about John Doe on
>our network who
>has no business with either of these system. John Doe could be on Internet
>as well but has
>no user accounts on these systems. Would he get any vulnerable information
>from the sniffer
>interfaces on either system?
>
>Thank you in advance for any info.
>--
>
>Subba Rao
>[EMAIL PROTECTED]
>http://members.home.net/subba9/
>
>GPG public key ID CCB7344E
>Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E
________________________
Priscilla Oppenheimer
http://www.priscilla.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16748&t=16734
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
