Linux w/ SBC DSL

david nicol whatever at davidnicol.com
Sun Jul 14 19:42:52 CDT 2002


"Monty J. Harder" wrote:

> > method, in which the script enables promiscuous capture on your network
> > cards and then gleans your log-in data from an SBC log-in done from a
> > Windows box, slightly disturbing.   But simple.
> 
>   What should be disturbing about this is =not= that this method was =used=,
> but that it =worked=. 

Yes, exactly.

>  IOW, SBC apparently runs the login in cleartext, so
> that any cracker that can get a connection to your LAN can sniff out
> everything needed to hijack your account and identity.  That's nearly as
> disturbing as a lot of my customers at work, where Jane logs into the Unix
> server as 'jane', with password 'jane', or people share logins so that
> everyone at one remote site uses the same login -- there are new Federal
> regulations set to take effect in a few months (Tony knows all about these;
> his company has to deal with them too) that will probably make these sorts
> of things illegal for our industry - might make NetTerminals illegal too, for
> all I know, since they use Telnet instead of SSH.
> 
>   But reverse-engineering by monkey-see-monkey-do is a fine method to use.

"Assume the LAN is secure" is still perfectly reasonable in my opinion. It's
not like I have a data-jack on the outside of my house. Of course with 802.11
and a public community string I do -- so if you're doing the community
wireless thing you need to be careful with your partitioning, and plug the
base station into the INTERNAL side not the broadband side.  And actually
_have_ two sides instead of sharing.



