Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] eMail auditing problem
From: Karyn Pichnarczyk <karyn () SANDSTORM NET>
Date: Wed, 13 Sep 2000 13:06:11 -0400

I've heard from a customer, that he believes, that all of his outgoing mail is read by someone using an email 
sniffer! My
question now is: has that to be server sided? I mean can anyone use this email sniffer or has he or she already 
hacked the
outgoing mail server?

I'm sure others on this list will send you many technical, detailed
plans on how to see if his mail is being intercepted, but I'm going to
propose a simple plan that should be checked in any case.

Depending on the technical level of the customer, ensure that the
customer has checked the /etc/aliases file (or other such mailing list
engine of his mail server) to see if his mail is being forwarded to any
aliases/mailing lists other than just himself.  Also check for any
automatic forwarding mechanisms his personal computer may have implemented,
which are different for any mail client he may have.

And then do all the other things everyone on this list will recommend.

Karyn Pichnarczyk
Sandstorm Enterprises, Inc.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]