It actually takes very little brains to sniff a local lan. Many downloads on
the net with "how-to". I've seen it multiple times in multiple places. The
inside attempt is still more prevalent than outside (unless you work at Yale
& Princeton Universitys where a Princeton office worker just hacked a web
site at Yale, which had an amazingly simple (and stupid) password scheme
http://www.telegraph.co.uk/connected/main.jhtml?view=DETAILS&grid=P8&targetR
ule=10&xml=%2Fconnected%2F2002%2F07%2F30%2Fecnprin30.xml
If you are a large company you may have to worry about the overseas hackers
getting your data. Then again, even small companies store credit card
numbers and bank account info in clear text.
One solution I heard at last Common is to vpn your local lan traffic, use
switches (no hubs). All mac addresses, including wireless are hardcoded to
stop someone from sitting in the parking lot and sniffing or bringing a
laptop on-site. Some of the download tools for wireless sniffing have been
downloaded hundreds of thousands of times!
Am I paranoid? No, but realistic... I've caught some really ordinary people
doing some really stupid stuff (and realize I have a long ways to go to
catch a real hacker). All in companies not even close to the Fortune 1000.
<quote>And who can keep data from IS?    - and a few were programmers...

jim franz
www.i_just_saw_elvis.com  <gr>


----- Original Message -----
From: "Jim Langston" <jlangston@celsinc.com>
To: <security400@midrange.com>
Sent: Tuesday, July 30, 2002 2:15 PM
Subject: RE: [Security400] How paranoid do you get?


The other place besides between the OC3's where it is more likely someone
would want to sniff the data is on the local LAN.  But, if you have someone
at your company smart enough to figure out how to packet sniff accounting
info s/he should be in IS anyway.  And who can keep data from IS?

Regards,

Jim Langston

-----Original Message-----
From: Walden H. Leverich [mailto:WaldenL@TechSoftInc.com]

Mike,

<SNIP>

Where in this path to you think it's likely that someone will grab your
data? Is it possible, sure, anything  is possible, but it takes a fair bit
of equipment and skill to dig up a OC3 line between two ISPs and tap in
without bringing the line down. Then to watch all the data and find
something interesting... The only people doing that are the FBI with
Carnivore[1].

_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/security400
or email: Security400-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.