Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] eMail auditing problem
From: "Oxenreider, Jeff" <jox () SAFELITE COM>
Date: Wed, 13 Sep 2000 16:37:34 -0400

Another possibility is SessionWall-3 (www.sessionwall.com) it does email
sniffing, telnet and ftp session recording, and just about anything else.

Scary stuff.



Jeffrey A. Oxenreider
Network Security Analyst
Safelite Glass Corp



-----Original Message-----
From: Jose Nazario [mailto:jose () BIOCSERVER BIOC CWRU EDU]
Sent: Wednesday, September 13, 2000 12:20 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] eMail auditing problem


On Wed, 13 Sep 2000, Groh, Jens wrote:

I've heard from a customer, that he believes, that all of his outgoing
mail is read by someone using an email sniffer! My question now is:
has that to be server sided? I mean can anyone use this email sniffer
or has he or she already hacked the outgoing mail server?

the server need not be compromised. anything on the same
routed/switched/shared segment can be sniffed using the appropriate
methods. if someone's nefarious enough, routing wouldn't even be a
problem.

How is this to be done?
What programms?
What procedure?
How would you do that?

check for mailsnarf from dug song
(http://www.monkey.org/~dugsong/dsniff/). it's quite easy.

if they're worried about email being read, use encryption. s/mime or pgp
would or should suffice.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault