Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Jun 1995 02:00:13 +0400 (MSD)
From:      =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka "Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
To:        Mark Murray <mark@grondar.za>, Poul-Henning Kamp <phk@freefall.cdrom.com>
Cc:        csgr@freebsd.org, current@freebsd.org, gibbs@freefall.cdrom.com, jkh@freefall.cdrom.com, paul@freebsd.org, rgrimes@gndrsh.aac.dev.com, Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
Subject:   Re: Crypt code summary(2).
Message-ID:  <pSjnTxlmJ1@astral.msk.su>
In-Reply-To: <199506252003.WAA08724@grumble.grondar.za>; from Mark Murray at Sun, 25 Jun 1995 22:03:21 %2B0200
References:  <199506252003.WAA08724@grumble.grondar.za>

next in thread | previous in thread | raw e-mail | index | archive | help
In message <199506252003.WAA08724@grumble.grondar.za> Mark Murray
    writes:

>You guys want to hear something frightening? Eric Young (the `eay' in
>SSLeay) has a friend who will make SATAN look stupid. He has, and is
>going to release code that will snoop passwords out of new telnet and
>FTP sessions. The purpose is to force the use of this (or any
>equivalent technology). _They_ would prefer this to be SSLeay.

It isn't surprise, such code exists long time, if you have
root on any machine in the local ethernet f.e, you can
set card to promisc. mode and grab all traffic that goes through
your local net, including ftp/telnet passwords. In more
intelligent way you can use BPF filtering for it as tcpdump
does. Then small artifical intelligense to recognize
passwords through incoming data...


-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?pSjnTxlmJ1>