My client uses Lotus Notes.
Rgds,
Daniel Cenáculo
Darryl Luff <[EMAIL PROTECTED]>
To: Ron DuFresne <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Sent by: firewalls-admin@lists.gnac.net
Subject: Re: pop3
06-02-2002 05:37
Ron DuFresne wrote:
...
> This is not totally correct, it depends upon how much access to the server
> supplying the pop3 accounts one has to. If one creates the user accounts
> so they only have access to remotely read their e-mails <i.e. give a
> shell of /dev/null>, unless they can also exploit the pop3 daemon, the
> game of sniffed usernames and passwords limits others to only reading
> e-mails of those sniffed accounts. How exploitable the pop3 daemon is on
I was thinking more of the situation where the POP3 server is actually
something like an exchange server, authenticating users against a
corporate account database (NT domain or whatever). This seems to be a
pretty common configuration. And in that case the sniffed POP3
username/password is actually the user's corporate login
username/password.
> a particular OS is another subject altogether, they have had issues in the
> past if I recall. Basically, it depends upon how much you trust others'
> setup of their routers and switches, and perhaps the ISPs your users are
> going to read from. It's those points that are going to be the primary
> sniffing vectors between two sites.
>
And internal users or admins playing around. Whether they have malicious
intentions or not, people seem to enjoy getting access to their mate's
(or boss's) passwords. Especially in a small site where the server is on
a user segment.
Darryl Luff
CDM Security Group
[EMAIL PROTECTED]
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
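
The point raised in the thread about giving mail-only accounts a shell of /dev/null can be checked mechanically: any mail account that still has a login shell turns a sniffed POP3 password into shell access. This is an added example, not part of the original thread; the function names, the non-login shells other than /dev/null, the UID cutoff and the sample data are assumptions.

```python
"""Added example: audit passwd-format data for mail accounts whose
sniffed POP3 password would also allow an interactive login."""

# Shells that refuse interactive login. /dev/null is the one named in the
# thread; the others are common equivalents (assumed list, adjust per site).
NON_LOGIN_SHELLS = {"/dev/null", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample in passwd(5) format; not data from the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/dev/null
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:
broken-line-without-fields
# comment
dave:x:1004:1004:Dave:/home/dave:/sbin/nologin
"""


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries instead of guessing
        # An empty shell field means the system default shell (/bin/sh).
        yield fields[0], int(fields[2]), fields[6] or "/bin/sh"


def interactive_mail_accounts(text, min_uid=1000):
    """Return user accounts (uid >= min_uid) whose shell permits login.

    min_uid=1000 is an assumed boundary between system and user accounts.
    """
    return sorted(
        name
        for name, uid, shell in parse_passwd(text)
        if uid >= min_uid and shell not in NON_LOGIN_SHELLS
    )


if __name__ == "__main__":
    for name in interactive_mail_accounts(SAMPLE_PASSWD):
        print(f"{name}: POP3 password also grants shell access")
```

This only covers local accounts; where the POP3 server authenticates against a corporate account database, as described in the reply above, the shell field does not limit what the password unlocks.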