Dave Bujaucius wrote:
> It is common knowledge that unencrypted messages sent over an unsecured
> Internet connection *can* be viewed in clear text and thus the contents
> compromised. My questions:
>
> 1. Is it really easy? How readily available are sniffing tools that
> can do this?

Very easy. mailsnarf, which is part of the dsniff tools, does this.

> 2. Can it be done from a user's home dial up or DSL type connection?
> Can someone in California somehow be scanning mail leaving a New York
> location?

Two ways it can be done. dsniff acts as a sniffer so it must be
installed somewhere in the network path that the target e-mail transits.
That may or may not be easy for an attacker to do. Another
possibility is to compromise one of the mailhosts that relays the target
e-mail from its source to destination. This is no longer a network
attack, but a host attack. Nevertheless, the result is the same.

If the goal is to view all e-mail leaving or entering a particular
network, the sniffer or compromised mailhost would need to be right at
that network's POP. If the attacker is only interested in a small
subset of your e-mail then this can be done anywhere in the path the
e-mail typically takes from source to destination.

You can decide for yourself how easy it would be to accomplish this in
your environment.

-paul
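
Added example, not part of the original post: one way to see the relay path a delivered message took, and which hops carried it without TLS, is to read its Received trace headers. The sample message, hostnames and addresses are constructed, and the code assumes each relay records the RFC 3848 "with" protocol keywords (ESMTPS and similar for TLS).

```python
import re
from email import message_from_string

# Constructed sample message; hostnames use reserved example domains.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby mail.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Mon, 01 Jan 2001 10:00:03 -0500
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id def456;
\tMon, 01 Jan 2001 10:00:02 -0500
Received: from ws1.example.com (ws1.example.com [198.51.100.50])
\tby relay.example.com with SMTP id ghi789;
\tMon, 01 Jan 2001 10:00:01 -0500
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

# Pulls "from <sender> ... by <receiver> ... with <protocol>" out of one header.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)
# RFC 3848 "with" keywords that indicate the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def relay_hops(raw_message):
    """Return hops in transit order as (sender, receiver, protocol, encrypted)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its Received header, so reverse for transit order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if m:
            proto = m.group(3).upper()
            hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops where the message crossed the network without TLS."""
    return [h for h in relay_hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for sender, receiver, proto, enc in relay_hops(SAMPLE):
        print(f"{sender} -> {receiver} [{proto}] {'TLS' if enc else 'CLEARTEXT'}")
```

Received headers are written by the relays themselves, so they show only what each relay chose to record about its own hop.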