[Gllug] SFTP Server
Doug Winter
doug at pigeonhold.com
Mon Apr 14 07:49:46 UTC 2003

On Mon 14 Apr Simon A. Boggis wrote:
> Of course, using a switched network is still better than not
> (performance aside) because you force your attackers into making an
> active, and therefore in principle detectable, attack. The bad news is
> that in practice most of us wouldn't notice (ever, or until far too
> late!).

Yes, it's sort of possible. AIUI arp spoofing, though, it's got a very
good chance of showing up, because it would trash your network pretty
badly. You are unlikely to type in a password to a machine that you
can't even log in to.

And although it's possible to set up a machine using arp spoofing to
proxy traffic, so you can then make a man-in-the-middle attack, this
isn't an automated attack. This requires a real human being really
trying to crack you. Which just isn't the major risk for most of us -
the real risk (to most of us) is crackers running huge automated attacks.

Personally I run arpwatch too anyway, since I want to know when someone
plugs a machine into my network (mostly just so I can make sure DNS,
DHCP, firewall and the computer they plug in are in sync).

> Another reason not to assume that you are safe from sniffing is the
> recent ethernet frame padding vulnerability which linux was vulnerable
> to. By sending small packets to a vulnerable machine you receive
> replies where failure to pad out packets properly results in the reply
> containing data from "other" packets. A remote attacker can use this
> to "sniff" data passing through a router, or to get passwords from a
> machine running pop, imap, telnet, telnet etc.

Good point. This has been fixed now though :)

[and yes, I still think everyone should use SSL wherever feasible - it's
just not the panacea it is sometimes touted as.]

doug.
--
1024D/6973E2CF print 2C95 66AD 1596 37D2 41FC 609F 76C0 A4EC 6973 E2CF
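
The kind of check discussed in the message above (watching IP-to-MAC bindings, as arpwatch does), as an added example that is not part of the original post and not arpwatch's own code. The event labels are modeled on arpwatch's report wording; the class, function names and the observation list are assumptions constructed for illustration.

```python
"""Passive ARP binding monitor (illustrative sketch, not arpwatch's code)."""


class ArpMonitor:
    def __init__(self):
        # IP address -> (current MAC, MAC seen immediately before or None)
        self.table = {}

    def observe(self, ip, mac):
        """Record one (sender IP, sender MAC) pair taken from an ARP packet.

        Returns an event label, or None when the binding is unchanged.
        """
        mac = mac.lower()
        if ip not in self.table:
            self.table[ip] = (mac, None)
            return "new station"
        current, previous = self.table[ip]
        if current == mac:
            return None
        # Reverting to the MAC seen just before means two hosts are
        # answering for one IP: a misconfiguration or a spoofer.
        event = "flip flop" if previous == mac else "changed ethernet address"
        self.table[ip] = (mac, current)
        return event


def scan(observations):
    """Run observations through a fresh monitor; return (ip, mac, event) alerts."""
    monitor = ArpMonitor()
    alerts = []
    for ip, mac in observations:
        event = monitor.observe(ip, mac)
        if event:
            alerts.append((ip, mac.lower(), event))
    return alerts


# Constructed sample data: the gateway 192.0.2.1 is claimed by a second
# MAC address, then the original gateway answers again.
SAMPLE = [
    ("192.0.2.1", "00:00:5E:00:53:01"),
    ("192.0.2.20", "00:00:5e:00:53:14"),
    ("192.0.2.1", "00:00:5e:00:53:01"),
    ("192.0.2.1", "00:00:5e:00:53:66"),
    ("192.0.2.1", "00:00:5e:00:53:01"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(*alert)
```

A "new station" event covers the newly plugged-in machine case; "changed ethernet address" followed by "flip flop" on the same IP is the pattern worth paging someone for.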