[rhn-users] Root login with telnet

Sean Countryman scountry at iastate.edu
Fri Jun 30 18:59:33 UTC 2006


On Thu, 2006-06-29 at 14:10 -0700, Bill Watson wrote:

> 
> As far as a trojan sniffer goes, with everything on switches instead of
> hubs, how would one sniffer ever see the packet passed between anybody else?
> From all the network monitoring tools (professional sniffers) documentation
> that I have read, switches defeat these tools from operation. How wouldn't
> it also defeat malicious sniffers? If there are sniffers that can blow
> through switches, then I need to get software made by these folks as the
> expensive stuff isn't up to the task.
> 
> Understanding how something can blow through a switch will help me protect
> against it.

You mean, like MAC Spoofing/flooding or ARP Poisoning?
(http://www.sans.org/resources/idfaq/switched_network.php)

Don't ever assume your net traffic can't be sniffed.  Another
possibility is compromising your switch.  If you run something like
Cisco IOS and somebody manages to get your management password...  they
can just mirror all the ports to a sniffing box.

> 
> I have wifi, but all (both) access points are secure.
> 

And you know that because..?  I assume you went outside with a laptop
equipped with a few choice programs like airsnort, etc.?

> So far my only hack (knock on wood) was when I had a RedHat machine that had
> port 22 ssh open. So now I do, and I advise others to lock that down tight
> as well. Without doubt, ssh port 22 is not immune.
> 
> I do not deny that some super clever trojan could eat my lunch, but as of
> today I have read nothing about anything capable of reading packets that are
> not directed to their port on an unmanaged switch.

See above link and always remember this free quote from me:

"In Network Security, always remember that you are never safe,
especially if you think you are safe." -- Sean

> 
> I guess I consider myself a realistic paranoid. One actual example of a
> switch blowing sniffer would get me to change immediately, but zero won't.

Ok, then when you read the part about MAC Spoofing or ARP poisoning you
started your changes?  (For more info, google away.  There are plenty of
results).

Ok, seriously now.  Please get a couple of hacking books, set up a
sandbox network, and start hacking your own test boxes.  Set up sniffers
and try to ARP poison your own network.  Drag a laptop around to scan
your wireless networks to see if you can steal encryption codes and
crack them.


Good Luck!

- Sean




