Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] eMail auditing problem
From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Thu, 14 Sep 2000 10:52:48 +0200

Hello there,

I've heard from a customer, that he believes, that all of his
outgoing mail
is read by someone using an email sniffer! My
question now is: has that to be server sided? I mean can anyone use
email sniffer or has he or she already hacked the
outgoing mail server?

If you suspect a sniffer on the network, try and use something
like sentinel to detect a NIC in promiscuous mode.
On the other hand, are you sure your customer doesn't do things

a) Leaving his computer alone being logged in
b) Give his password freely to other users (to make each one's
lifes easier)

I know my users frequently do, and I hit them hard for doing so.
Doesn't help, though.

Bye, Jan
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]