Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] eMail auditing problem
From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Wed, 13 Sep 2000 18:23:51 +0200

"Groh, Jens" a écrit :

I've heard from a customer, that he believes, that all of his outgoing mail is read by someone using an email 
sniffer! My
question now is: has that to be server sided? I mean can anyone use this email sniffer or has he or she already 
hacked the
outgoing mail server?

How is this to be done?

There is many different cases possible :
- the mail server is hacked => reinstall it, try to prosecute the hacker
- a machine in your ISP network has been hacked. This machine is on the
same Ethernet segment that the mail server, or the mails pass through
this machine
- the boss box is compromised (BO2K), and all his keystrokes are logged
- surely some others ...

What programms?

dsniff sniffs mails and keeps them in Unix mbox format

What procedure?

To find the compromise ?
Check each step (end-user box, mail server, proxy, ...)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]