Linux w/ SBC DSL
david nicol
whatever at davidnicol.com
Sun Jul 14 19:42:52 CDT 2002
"Monty J. Harder" wrote:
> > method, in which the script enables promiscuous capture on your network
> > cards and then gleans your log-in data from a SBC log-in done from a
> > windows box, slightly disturbing. But simple.
>
> What should be disturbing about this is =not= that this method was =used=,
> but that it =worked=.
Yes, exactly.
> IOW, SBC apparently runs the login in cleartext, so
> that any cracker that can get a connection to your LAN can sniff out
> everything needed to hijack your account and identity. That's nearly as
> disturbing as a lot of my customers at work, where Jane logs into the Unix
> server as 'jane', with password 'jane', or people share logins so that
> everyone at one remote site uses the same login -- there are new Federal
> regulations set to take effect in a few months (Tony knows all about these;
> his company has to deal with them too) that will probably make these sorts
> of thing illegal for our industry - might make NetTerminals illegal too, for
> all I know, since they use Telnet instead of SSH.
>
> But reverse-engineering by monkey-see-monkey-do is a fine method to use.
"Assume the LAN is secure" is still perfectly reasonable in my opinion. It's
not like I have a data-jack on the outside of my house. Of course with 802.11
and a public community string I do -- so if you're doing the community
wireless thing you need to be careful with your partitioning, and plug the
base station into the INTERNAL side not the broadband side. And actually
_have_ two sides instead of sharing.
More information about the Kclug mailing list