> On Fri, Oct 12, 2001 at 12:09:08AM -0700, ME wrote: [chop] > > Some people have encountered problems like this and found ssh-ing to > > an on-campus host "close" to the pop3 server, and then relaying the > > request using the insecure pop-authentication (plain-text across the > > net, but only between the on-campus hosts nstead of being bounced > > across a larger network.) [chop]
On Sat, 13 Oct 2001, Matt Roper wrote: [chop] > The mail servers can be reached in just a single hop from > the isun systems which I have a shell account on. In order for somebody > to sniff my password being transmitted from isun to the mail server, > they'd have to have root access on some computer in that subnet, right? [chop] (I kind-of figure this is a rhetorical question, so this is a rhetorical answer ;-) Yes/no. For certain OS, there is little/no user structure with a root or admin and general user=root If the network is a switched network between the two hosts, then you have a higher level of security from sniffing since the sniffer would see nothing but the first ethernet frame from unknown MAC to unknown MAC/Broadcast MAC unless the switch was configured (puposefully) to flood to a sniffer-port with a sniffer running on it, or "break" the switch and make it into a repeater and then see all traffic (prob result in a RMON/SNMP trap/trigger if the switch was well set up and notify the network admin) and then have a sniffer on one of those ports being flooded. Heh heh heh... O:> -ME -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z? ------END GEEK CODE BLOCK------ decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html Systems Department Operating Systems Analyst for the SSU Library
