Re: Web Traffic Security and Eavesdropping

From: Adam Pal <pal_adam@xxxxxxx>
Date: Sun, 16 Nov 2008 11:49:28 +0100

Hello Mike,

My feeling is that you are both right, the one who asked you how it is
possible and you.
It is not possible when the attacker is not on the same virtual path
(lets say path instead network) but the attacker has -as the
wired-article describes- the possibility to bring himself on the path
for instance by modifying the route (BGP).

As you see, the answer to your question is no. You cannot pick up any
information from a flow you are not connected to somehow.
The webserver doesnt see all the information, it sees all information
delivered to it once he is a part of the virtual path the information
took.

--
Best regards,
Adam Pal

Tuesday, November 11, 2008, 2:16:08 AM, you wrote:

<==============Original message text===============
m> Hi, there. We all know many web sites out there encrypt connections with SSL
m> to prevent eavesdropping on user sessions. In a conversation about this
m> today while securing web services/ applications of one of our sites, a
m> friend asked how such a thing is possible if the eavesdropper is not on the
m> same network as the end-user or server being watched. I couldn't provide a
m> very good answer and was wondering if anyone out there could. We know how
m> easy it would be if you were on the same network or had access to one of the
m> nodes on either end or even, perhaps, a switch or router, etc in between
m> those two points.

m> Basically, the question is, can someone out there in the big, bad, internet
m> somehow watch all traffic going to and from another node on the internet
m> (like a web server for example) without being on the same local network as
m> the node they are watching? I'm quite sure the answer to this is yes and if
m> yes, then how is it done?

m> Thanks,
m> Mike

<===========End of original message text===========

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Web Traffic Security and Eavesdropping
  - From: Shreyas Zare

References:
- Web Traffic Security and Eavesdropping
  - From: mojorising

Prev by Date: Re: Hotspot Security in 30 minutes?
Next by Date: Re: hi, need help
Previous by thread: RE: Web Traffic Security and Eavesdropping
Next by thread: Re: Web Traffic Security and Eavesdropping
Index(es):
- Date
- Thread

Relevant Pages

Re: Linux server hacked, response time very slow, now Im in a intercompany war...
... Those will be logged and conveyed back to the attacker, ... Some may be network sniffers, ... machines' network traffic gets disabled. ... overwhelm popular Internet sites. ...
(comp.os.linux.security)
RE: Sniffing emails - how?
... to collect all of the traffic on your local network, ... As far as being able to do this on the internet, ... Subject: Sniffing emails - how? ... Am I correct in thinking that this is only a real problem when an attacker ...
(Security-Basics)
Re: Lan Attacks
... An actual attacker would use ... Web site vulnerabilities don't often lead to internal ... breaching your network. ... like you need a basic primer on internet security. ...
(Pen-Test)
RE: Private addresses on public network
... anybody accesses those computers from an external network," -- even when the ... JavaScript delivered to the client that causes the client to retrieve ... the attacker, the request results in another JavaScript response that tells ... Moving beyond a single server ...
(Security-Basics)
Re: About War Driving ..
... However, MAC filtering does not qualify as defense in depth, ... because the attacker can spoof a valid IP address. ... broadcasting the SSID doesn't hide a network, but just makes it show up ... machines in your building that you can control and check the MAC ...
(Security-Basics)