RE: frame question -- JAVA400-L

All you really need is a program called something like Sniffer and the
IP address.  You do NOT need physical access to any telephone lines,
just the software, an Internet connection, and the IP address.

This program sniffs the IP address.  It just sits there and echoes all traffic
at that IP address.  Usually it is returned in hex.  Then all you need is a
program to convert the hex to something you can read. This is big in the 
Unix world.  There are versions available for Win95.

I watched a guy demo a Unix version once.  He set his Sniffer program
on one PC to sniff at another PC sitting on his desk.  While he typed his
login ID and password on the other PC is was echoed in hex on the PC
running the Sniffer program.

So, the physical connection is not needed in this modern world, thanks
to the Internet and TCP/IP......

----------
From:   Walden Leverich[SMTP:walden@techsoftinc.com]
Sent:   Thursday, November 13, 1997 5:54 PM
To:     JAVA400-L@midrange.com
Subject:        Re: frame question

-----Original Message-----
From: DAsmussen@aol.com <DAsmussen@aol.com>
To: JAVA400-L@midrange.com <JAVA400-L@midrange.com>
Date: Thursday, November 13, 1997 7:59 AM
Subject: Re: frame question


<snip>
>came from there, after monitoring traffic on _your_ server so they can pop
up
>a quick message like "For verification purposes, what was that credit card
>number/password, again please?").
<snip>

Hold on a sec. Let us look at the packet flow of a connection:
1) I connect to my ISP using my house phone line
2) I send my ISP a packet. (containing my credit card number)
3) The packet gets forwarded to my ISP's provider via T1, T3 or other
dedicated cable.
4) The packet travels on the backbone on fiber or really big cable.
5) The packet arrives at the Vendor's provider
6) The vendor's provider send to the packet to the vendor.
7) Done.

Notice that my packet does NOT get sent to anyone else dialed into my ISP.

Now, where can someone "watch" my data? I doubt that anyone has the ability
to hook into MCI's fiber between NY and Denver. And if they do, getting my
lowly credit card number is the last thing on their mind. They could hook in
between the vendor's provider and the vendor, but again that would require
high-end equipment, not something your average credit card thief would have.
So, if they are going to hook in, it would probably be between my house and
my ISP. What a waste of time, the chances that a thief would ever find
anyone online are pretty small, and even if they did, they would have tapped
in during a computer conversation. They would need a good amount to
equipment to interpret the data stream.

On the other hand... You could walk into the switching station outside LL
Bean w/a hard hat, a clipboard and a telephone handset and listen to a
verbal communication very easily. As I see it sending credit card numbers
via the internet is safer than the voice calls I used to make.

JMHO,
-Walden

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "JAVA400-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
|    and specify 'unsubscribe JAVA400-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com
+---