Re: POP3 risk over the internet

From: Bernie Cosell (bernie@fantasyfarm.com)
Date: 12/16/01


From: Bernie Cosell <bernie@fantasyfarm.com>
Date: Sun, 16 Dec 2001 10:07:43 -0500


"Giles Coochey" <g.coochey@btinternet.com> wrote:

}
} "wildernesscanoe" <jcarlson@fs.com> wrote in message
} news:32LS7.113$0p6.5492@news7.onvoy.net...
} > I want to allow POP3 connectivity from the internet to my microsoft
} > exchange server.
}
} The risk with POP3 is that the username and password of each user's mailbox
} (In the enterprise this is normally the NT Domain username and password) is
} passed in clear text over the Internet. Anyone able to run a packet sniffer
} on the network between connecting end-nodes and your exchange server would
} be able to glean the username and password of users.

You should be a bit clearer here -- this is a bit glib and misleading.
There's the internet and the LAN. It is possible/likely/easy to 'sniff' a
LAN and glean all sorts of stuff [like POP passwords and more]. It is VERY
hard, if even possible, to 'sniff' things once it leaves your LAN. Between
packetizing and alternate-routing, it is a VERY different affair trying to
sniff something 'out there'...

} ... Once they have gained
} this information they could masquerade as the user and download all their
} emails.

Often worse than that: for many/most folk, their email password is the SAME
as their general authentication password, and so that'd mean that the
attacker could log in as the user (and use various local resources
directly), probably access filesystems and such as that user.

} If the email on your Exchange server is private, bear in mind also, that
} these messages are also clear text and are visible to just about any hacker
} who would want to view it.

Once again, this is a bit of an exaggeration. If they're *inside* [either
on the LAN at which you're reading or on the LAN where the server is], then
I agree that 'watching' your email isn't too difficult a job [although it
can be made more difficult by a LOT by using smart switching hubs for the
LAN segments and such]. If they're *not* inside, then I rather doubt that
the email is going to be "visible to just about any hacker".

And 'inside' is going to involve some sort of prior compromise [which
presumably could be detected] --- either physical compromise [getting a job
in the mail room and then hacking your PC there to 'sniff' and see what you
can see on the corporate LAN] or software compromise [somehow crack a
system and use it as a 'sniffing relay' [BackOrifice, and most unix root
kits do this]].

   /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
bernie@fantasyfarm.com            Pearisburg, VA
    -->  Too many people, too few sheep  <--          
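
The exposure discussed in this thread, as an added example that is not part of the original post: a small auditor that classifies what each POP3 authentication step in a session transcript puts on the wire. The function name `audit_pop3` and the three transcripts are constructed for illustration, and the APOP (RFC 1939) and STLS (RFC 2595) cases go beyond the USER/PASS case the posters discuss. It assumes a protocol log that still records commands issued after a TLS upgrade.

```python
# Constructed sample transcripts (S: server, C: client); not real captures.
CLEAR = """S: +OK POP3 ready
C: USER jdoe
S: +OK
C: PASS constructed-secret
S: +OK 2 messages
"""
APOP = """S: +OK POP3 ready <1896.697170952@mail.example.test>
C: APOP jdoe 0123456789abcdef0123456789abcdef
S: +OK 2 messages
"""
STLS = """S: +OK POP3 ready
C: STLS
S: +OK begin TLS negotiation
C: USER jdoe
S: +OK
C: PASS constructed-secret
S: +OK 2 messages
"""

def audit_pop3(transcript):
    """Classify each authentication command; the secret itself is never returned."""
    findings, tls, pending_stls, user = [], False, False, None
    for line in transcript.splitlines():
        side, _, rest = line.partition(":")
        rest = rest.strip()
        if side == "S":
            # STLS only takes effect if the server answers +OK to it.
            if pending_stls and rest.startswith("+OK"):
                tls = True
            pending_stls = False
            continue
        if side != "C" or not rest:
            continue
        verb, _, arg = rest.partition(" ")
        verb = verb.upper()
        if verb == "STLS":
            pending_stls = True
        elif verb == "USER":
            user = arg.strip()
        elif verb in ("PASS", "APOP"):
            if verb == "APOP":
                user = arg.split()[0] if arg.split() else None
            if tls:
                exposure = "protected by TLS"
            elif verb == "PASS":
                exposure = "password readable on the wire"
            else:
                exposure = "MD5 digest on the wire, password not sent"
            findings.append((verb, user, exposure))
    return findings
```
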


