David T. Ashley <[EMAIL PROTECTED]> wrote:
>
> But, in practice, has ANYBODY ever heard of a network sniff attack by a
> spammer? Everyone complains that POP3 and FTP send passwords in the plain,
> and an attack is possible, but has it ever been done?
Not by a spammer. But there are many records of passwords being stolen
via sniffing and used to gain unauthorized access to other services.
The SourceForge attack involved a sniffer set up in an ISP's datacenter
IIRC.
Spammers will eventually try such tricks, once the number of open relays
dwindles to the point where it is less effort to fraudently obtain a
password to an authenticated SMTP service than it is to find an open
relay.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
