VNCrack (just so you know it exists)

Illtud Daniel illtud.daniel "at" llgc.org.uk
Mon, 19 Jun 2000 11:43:30 +0000 

Jonathan Morton wrote:

>Illtud wrote:
 
> >Most switches should have a 'security' option to lock MAC addresses
> >to ports which would stop this, unless it forges an ARP packet to
> >give a different IP/MAC pair, but that should set your monitoring
> >processes (you *do* run ARPwatch or similar, don't you?) screaming.

> I'm definitely not a pro-level net admin.  However I do know that this
> student network is built using 10baseT and 10base5 backbone with few if any
> intelligent switches - probably just a huge series of "managed hubs".

If they're managed, then they probably also have the security option
I mention above. Unfortunately, if the network's not switched, then
dsniff isn't necessary and they can just pick the password off the
wire wherever they are. 3COM hubs (which are widely used in .ac.uk)
can 'scramble' the data to non-recipient ports (if they're managed).
Luckily, the price of switches is dropping fast, and most .ac.uk's
are now moving to a switched 10/100base-T network.

[]
>  I'd like to take a look at dsniff - after I did move the 486 off
> the switch and onto the main segment, PHoss picked up someone's e-mail
> password within 30 seconds - and this was at 3am.  Needless to say, i'm not
> using this information...

Scary, isn't it? When I was a net admin in .ac.uk a packet sniffer
could pick up all sorts of sensitive traffic within minutes. Things
are getting better slowly, but the numbers of (knowledgable) students
getting wire access (usually from their own bedrooms!) means that
the threat is growing daily. It's quite a different security scenario
than most others - the commercial world is now facing up to the same
sort of problems (ie. you can't trust your users with the wire) with
the introduction of DSL/cable modem networks for home subscribers.

-- 
Illtud Daniel                                 illtud.daniel "at" llgc.org.uk
Uwch Ddadansoddwr Systemau                       Senior Systems Analyst
Llyfrgell Genedlaethol Cymru                  National Library of Wales
Yn siarad drosof fy hun, nid LlGC   -  Speaking personally, not for NLW
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------