Re: [PEN-TEST] eMail auditing problem
From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Wed, 13 Sep 2000 18:23:51 +0200
"Groh, Jens" wrote:
I've heard from a customer, that he believes, that all of his outgoing mail is read by someone using an email
question now is: has that to be server sided? I mean can anyone use this email sniffer or has he or she already
outgoing mail server?
How is this to be done?
There are many different cases possible:
- the mail server is hacked => reinstall it, try to prosecute the hacker
- a machine in your ISP network has been hacked. This machine is on the
same Ethernet segment as the mail server, or the mails pass through
- the boss box is compromised (BO2K), and all his keystrokes are logged
- surely some others ...
dsniff sniffs mails and keeps them in Unix mbox format
To find the compromise?
Check each step (end-user box, mail server, proxy, ...)
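
Added example, not part of the original post: one way to list the steps to check is to read the Received headers of a delivered message, which name every relay the mail passed through. The sample message, its hostnames and the helper names `mail_hops` and `exposed_hops` are constructed for illustration, and it assumes the relays label TLS sessions with the RFC 3848 `with` keywords.

```python
import email
import re

# Constructed sample message (not from the thread); all hostnames are placeholders.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.25])
\tby mail.recipient.example with ESMTPS id c3; Wed, 13 Sep 2000 18:24:10 +0200
Received: from mail.corp.example (mail.corp.example [192.0.2.10])
\tby mx.isp.example with ESMTP id b2; Wed, 13 Sep 2000 18:24:02 +0200
Received: from boss-pc (boss-pc.corp.example [10.0.0.5])
\tby mail.corp.example with SMTP id a1; Wed, 13 Sep 2000 18:23:55 +0200
From: boss@corp.example
To: partner@recipient.example
Subject: test

body
"""

# "from <sender> ... by <receiver> [... with <protocol>]"
HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)(?:.*?\bwith\s+(?P<proto>\S+))?",
    re.S | re.I,
)
# "with" keywords registered by RFC 3848 for sessions protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}


def mail_hops(raw_message):
    """Return one dict per relay hop, in transit order (sender's box first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Every relay prepends its own Received header, so the last one is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value.split(";")[0])  # drop the trailing timestamp
        if m is None:
            # Unparseable header: keep the hop and treat it as one to review.
            hops.append({"src": None, "dst": None, "proto": None, "cleartext": True})
            continue
        proto = (m.group("proto") or "").upper() or None
        hops.append({"src": m.group("src"), "dst": m.group("dst"), "proto": proto,
                     "cleartext": proto not in TLS_PROTOCOLS})
    return hops


def exposed_hops(raw_message):
    """Hops whose SMTP session was not marked as TLS, i.e. readable by a sniffer."""
    return [(h["src"], h["dst"]) for h in mail_hops(raw_message) if h["cleartext"]]
```

Received headers written before the first server you control can be forged, so rely only on the hops added by relays you trust.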