SUMMARY: snoop

From: Carlos Bernal (cbernal@fis.ulima.edu.pe)
Date: Thu Aug 24 2000 - 09:41:57 CDT


Hi sun-managers:
        Thanks a lot. Mails continue coming, but now I know what to do,
and why.
Snoop is a powerful tool for sysadmins. It does require root
privileges, so users without root cannot run it.

It can be dangerous in the wrong hands, and priceless in
the right hands, such as sysadmins.

It is not a snoop bug but a weakness in any protocol that uses
plaintext passwords for authentication.

Using telnet, ftp, rlogin, rsh, etc. the possibility will
always exist for people to capture passwords passing in the network
as cleartext. Even imap and pop use plaintext.

At http://www.openssh.org
we can find the solution
>>
Secure Shell is the replacement for rsh, rlogin, rcp, telnet, rexec,
rcp and ftp. It encrypts all traffic, and provides various levels of
authentication depending on your needs. Main features of Secure Shell
include secure remote logins, file copying, and tunneling TCP and X11
traffic.
<<

X-windows, you might want to look into ssh-tunneling.
        The advantage of ssh is that it encrypts all your traffic so
that even if someone uses snoop to capture all the packets when you
log in as root, they won't be able to decrypt them.

        Kerberos is not mentioned as a real option to implement a
solution for plaintext passwords.

        Almost any word of this summary is mine. Thanks to all who
responded, and special thanks to
 
        Rich Lafferty, Scott McCool, Rob Staab, Heiko Maiwald,
        Michael Grice, Duncan Phillips, Terry Gardner,
        Watson, Michael, Todd Wilkinson, Buddy Lumpkin,
        Leonid Massarskiy, John T. Douglass, Rob McCauley,
        Sugan Moodley, Michael Maciolek, David Craig,
        Stephen Harris.

P.S. - It was only an attempt to give the users permission to run
snoop for a "Networking" class here; the professor asked for it.

My original post:
======================
> Hi friends:
> In a lab with Solaris 2.6, snoop has been restricted
> because an administrator tested it and proved that this can
> catch passwords char by char. She tested it in Solaris 2.5.1.
> I think Solaris security must be better than before,
> but what is your experience about it? Must I erase this
> file from each machine? Do you have any experience using snoop
> in University labs?
>
> Carlos Bernal
>

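The services named in the summary (telnet, ftp, rlogin, rsh, rexec, pop, imap) can be checked for on a host before replacing them with ssh. The script below is an added example, not part of the original post: it lists the enabled inetd.conf entries for those services. The name map (login, shell and exec are the /etc/services names for rlogin, rsh and rexec; pop2, pop3, imap, imap2 for the mail daemons) and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report enabled inetd services that send passwords in cleartext.

# inetd.conf service name -> protocol named in the summary (assumed mapping).
CLEARTEXT_MAP='telnet=telnet ftp=ftp login=rlogin shell=rsh exec=rexec pop2=pop pop3=pop imap=imap imap2=imap'

# cleartext_services FILE
# Prints "service protocol server-path" for every uncommented TCP entry
# whose service name is in CLEARTEXT_MAP.
cleartext_services() {
    awk -v map="$CLEARTEXT_MAP" '
        BEGIN {
            n = split(map, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); proto[kv[1]] = kv[2] }
        }
        /^[ \t]*#/ { next }    # commented-out entries are disabled
        NF < 6     { next }    # not a complete inetd.conf entry
        ($1 in proto) && $3 ~ /^tcp/ { printf "%s %s %s\n", $1, proto[$1], $6 }
    ' "$1"
}

# Constructed sample in inetd.conf layout (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# name  type    proto flags  user  server-path           args
ftp     stream  tcp   nowait root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp   nowait root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp   nowait root  /usr/sbin/in.rshd     in.rshd
login   stream  tcp   nowait root  /usr/sbin/in.rlogind  in.rlogind
pop3    stream  tcp   nowait root  /usr/local/sbin/ipop3d ipop3d
time    stream  tcp   nowait root  internal
talk    dgram   udp   wait   root  /usr/sbin/in.talkd    in.talkd
EOF
}

# Demo run against the constructed sample; point it at /etc/inetd.conf on a real host.
demo_file=${TMPDIR:-/tmp}/inetd.sample.$$
sample_inetd_conf > "$demo_file"
cleartext_services "$demo_file"
rm -f "$demo_file"
```

Each line reported is a service to disable in inetd.conf (followed by a HUP to inetd) once an ssh replacement is in place.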