Date: Mon, 26 Jun 1995 02:00:13 +0400 (MSD) From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka "Andrey A. Chernov, Black Mage" <ache@astral.msk.su> To: Mark Murray <mark@grondar.za>, Poul-Henning Kamp <phk@freefall.cdrom.com> Cc: csgr@freebsd.org, current@freebsd.org, gibbs@freefall.cdrom.com, jkh@freefall.cdrom.com, paul@freebsd.org, rgrimes@gndrsh.aac.dev.com, Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu> Subject: Re: Crypt code summary(2). Message-ID: <pSjnTxlmJ1@astral.msk.su> In-Reply-To: <199506252003.WAA08724@grumble.grondar.za>; from Mark Murray at Sun, 25 Jun 1995 22:03:21 %2B0200 References: <199506252003.WAA08724@grumble.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199506252003.WAA08724@grumble.grondar.za> Mark Murray writes: >You guys want to hear something frightening? Eric Young (the `eay' in >SSLeay) has a friend who will make SATAN look stupid. He has, and is >going to release code that will snoop passwords out of new telnet and >FTP sessions. The purpose is to force the use of this (or any >equivalent technology). _They_ would prefer this to be SSLeay. It isn't surprise, such code exists long time, if you have root on any machine in the local ethernet f.e, you can set card to promisc. mode and grab all traffic that goes through your local net, including ftp/telnet passwords. In more intelligent way you can use BPF filtering for it as tcpdump does. Then small artifical intelligense to recognize passwords through incoming data... -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?pSjnTxlmJ1>