From owner-freebsd-current  Sun Jun 25 15:26:28 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id PAA10420
          for current-outgoing; Sun, 25 Jun 1995 15:26:28 -0700
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id PAA10414
          ; Sun, 25 Jun 1995 15:26:24 -0700
Received: by sequent.kiae.su id AA24686
  (5.65.kiae-2 ); Mon, 26 Jun 1995 02:01:09 +0400
Received: by sequent.KIAE.su (UUMAIL/2.0); Mon, 26 Jun 95 02:01:08 +0400
Received: (from ache@localhost) by astral.msk.su (8.6.8/8.6.6) id CAA00413; Mon, 26 Jun 1995 02:00:14 +0400
To: Mark Murray <mark@grondar.za>, Poul-Henning Kamp <phk@freefall.cdrom.com>
Cc: csgr@freebsd.org, current@freebsd.org, gibbs@freefall.cdrom.com,
        jkh@freefall.cdrom.com, paul@freebsd.org, rgrimes@gndrsh.aac.dev.com,
        Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
References: <199506252003.WAA08724@grumble.grondar.za>
In-Reply-To: <199506252003.WAA08724@grumble.grondar.za>;
    from Mark Murray at Sun, 25 Jun 1995 22:03:21 +0200
Message-Id: <pSjnTxlmJ1@astral.msk.su>
Organization: Olahm Ha-Yetzirah
Date: Mon, 26 Jun 1995 02:00:13 +0400 (MSD)
X-Mailer: Mail/@ [v2.38 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka
    "Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
X-Class: Fast
Subject: Re: Crypt code summary(2).
Lines: 23
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 1097
Sender: current-owner@freebsd.org
Precedence: bulk

In message <199506252003.WAA08724@grumble.grondar.za> Mark Murray
    writes:

>You guys want to hear something frightening? Eric Young (the `eay' in
>SSLeay) has a friend who will make SATAN look stupid. He has, and is
>going to release code that will snoop passwords out of new telnet and
>FTP sessions. The purpose is to force the use of this (or any
>equivalent technology). _They_ would prefer this to be SSLeay.

It isn't surprise, such code exists long time, if you have
root on any machine in the local ethernet f.e, you can
set card to promisc. mode and grab all traffic that goes through
your local net, including ftp/telnet passwords. In more
intelligent way you can use BPF filtering for it as tcpdump
does. Then small artifical intelligense to recognize
passwords through incoming data...


-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849