SMTP and POP3 sniffers?

  1. #1

    Question SMTP and POP3 sniffers?

    Hey, if I were to get the packets from POP3 and/or SMTP, and let's say the server doesn't encrypt the incoming or outgoing e-mail (which I know almost every server would), could I read the e-mail message being sent?
    Sitting Duck Security check it out

    (All right, all right, you guys talked me into it, I will just learn PHP instead of using ASP.)

  2. #2
    Banned
    Join Date
    Apr 2002
    Posts
    149
    yes you can.

    put a sniffer and smell away. with snort at least...
    you can write rules that say
    listen on port 25 for the word "hi jon"
    and it will grab that.

  3. #3
    Banned
    Join Date
    Apr 2002
    Posts
    149
    why do you want to run asp on your linux box?
    isn't that somewhat of an oxymoron
    [see his sig]

  4. #4
    Because I don't know PHP.
    Sitting Duck Security check it out

    (All right, all right, you guys talked me into it, I will just learn PHP instead of using ASP.)

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    Something in your original post struck me as odd. It's true... you would think that as computer security improves, one of the things that should definitely be improved is the security of e-mail. Unfortunately, however, e-mail is almost as simple (read that as insecure) now as it was when it first originated. Thus, the percentage of email that is sent clear-text is still very high. There are mail protocols that are encrypted of course, but they're not very common. The usual thing to do if you care about people reading your mail in transit is to PGP encrypt it. Perhaps someday we'll have e-mail that doesn't get passed clear-text, but I'm not holding my breath.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Well, part of the problem with things like DNSSEC and Secure SMTP is that it requires the buy-in of large service providers in order to work. It's tough to force people like EarthStink and UUNet to just go magically change/upgrade their sendmail relays and/or DNS servers overnight and, without them, there's really no value-add, IMO.

    Secure SMTP has been more or less "around" since about Sendmail 8.9.3 (well, it's been "hackable" since around that time, anyway - meaning you could wedge it in). Problem is, almost no one seems to use it. DNS SEC is also already out there since probably the early days of 8.x... but it suffers the same major problem.

    And, having a previous life "in that role" at a fairly decent-sized/global ISP, I can tell you that upgrades to these sorts of servers aren't taken terribly lightly (often, for us, it was more like, "ok, we know there's a problem, but is there any way we can patch the current relays to make it go away or even less of an issue?").


    Perhaps ironically enough, a good secure SMTP implementation would pretty much eliminate almost all spam.

    It's kind of a "chicken and egg" problem... we can't force the big boys to do it, but we can't do it before a few of them start enforcing it. Perhaps the answer is to get clients like IE, Outlook, Eudora and a few others using SMTP AUTH (and ISPs such as Earthlink requiring it in order to talk to their internal relays) -- I could see that being a huge win for a big service provider... "spam less relaying" (though that still doesn't guarantee any mail coming in from the outside). Once they could push that sort of requirement out to their external relays, we'd have a winner... problem is, that last push would probably be a rather painful one (and one even Microsoft is reluctant to do as their OS' move forward - they still have legacy hardware and software to support).

    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"

  7. #7
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    I agree with you that the change really has to be an all at once kind of thing. I also know it won't be easy to implement, or else it would have already been done. Perhaps when we make the giant leap to IPv6 the changes can be implemented more widely. The leap to IPv6 is already going to be painful, so perhaps a little extra effort to make DNS and mail more secure will feel like a drop in the bucket.
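
The thread's point about cleartext mail and SMTP AUTH can be checked from the server's own EHLO reply. The following is an added example, not code from any poster: it parses a multiline EHLO reply and reports whether STARTTLS is missing and whether password mechanisms are offered before TLS. The sample replies, hostnames and finding names are constructed for illustration.

```python
import re

# Constructed EHLO replies for illustration; hostnames are placeholders.
CLEARTEXT_ONLY = ("250-mail.example.test Hello\r\n250-SIZE 10485760\r\n"
                  "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
TLS_NO_EARLY_AUTH = "250-mail.example.test Hello\r\n250-STARTTLS\r\n250 PIPELINING\r\n"
LEGACY_AUTH_FORM = "250-mail.example.test Hello\r\n250-STARTTLS\r\n250 AUTH=LOGIN CRAM-MD5\r\n"

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Map each advertised extension keyword to its parameters."""
    lines = reply.splitlines()
    extensions = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError(f"malformed reply line: {line!r}")
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError(f"EHLO not accepted: {code}")
        # '-' marks a continuation line; only the final line uses a space.
        if (separator == " ") != (index == len(lines) - 1):
            raise ValueError("reply is truncated or has trailing data")
        if index == 0:
            continue  # first line is the greeting, not an extension
        if text.upper().startswith("AUTH="):  # legacy spelling from older servers
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            extensions[words[0]] = words[1:]
    return extensions

def assess(reply):
    """Return finding names (hypothetical labels) for a pre-TLS EHLO reply."""
    extensions = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("no-starttls")  # mail and passwords can only go in the clear
    # PLAIN and LOGIN are base64 encodings of the password, not encryption.
    if {"PLAIN", "LOGIN"} & set(extensions.get("AUTH", [])):
        findings.append("reversible-auth-before-tls")
    return findings

if __name__ == "__main__":
    for name in ("CLEARTEXT_ONLY", "TLS_NO_EARLY_AUTH", "LEGACY_AUTH_FORM"):
        print(name, assess(globals()[name]))
```

A server that advertises STARTTLS still accepts cleartext sessions unless it is configured to require TLS, so an empty result here means the option exists, not that it is enforced.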
