Ron DuFresne wrote: ... > This is not totally correct, it depends upon how much access to the server > supplying the pop3 accounts one has to. If one creates the user accounts > so they only have access to remotely read their e-mails <i.e. give a > shell of /dev/null>, unless they can also exploit the pop3 deamon, the > game of sniffed usernames and passowrds limits others to only reading > e-mails of those sniffed accounts. How exploitable the pop3 deamon is on
I was thinking more of the situation where the POP3 server is actually something like an exchange server, authenticating users against a corporate account database (NT domain or whatever). This seems to be a pretty common configuration. And in that case the sniffed POP3 username/password is actually the user's corporate login username/password. > a particular OS is another subject altogether, they have had issues on the > past if I recall. Basically, it depends upon how much you trust others' > setup of their routers and switches, and perhaps the ISP's your users are > going to read from. It's those points that are going to be the primary > sniffing vectors between two sites. > And internal users or admins playing around. Whether they have malicious intentions or not, people seem to enjoy getting access to their mate's (or boss's) passwords. Especially in a small site where the server is on a user segment. Darryl Luff CDM Security Group [EMAIL PROTECTED] _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
