On Tue, 11 Dec 2001, Harrington, Chris wrote: > In an environment with Outlook 2000 acting as an Exchange client (no POP), > is it possible to sniff the email traffic between the them?? If so, are > there any resources on preventing this?
I looked into this several years ago. IIRC, Outlook->Exchange traffic is tunneled through an SMB named pipe. It gets user authentication at the SMB level. It may also get encryption services there; I don't know. You might try running a sniffer against your box as you submit or read a message then grep the results for the partial contents of the message. You can't prove that it's unsniffable by failing, but you can certainly prove that it's sniffable by succeeding. :) -Jeff ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
