SMTP and POP3 sniffers?

**Toxic** · May 5th, 2002, 06:17 AM

Hey, if I were to get the packets from POP3 and/or SMTP, and lets say the server doesn't encrypt the incoming, outgoing e-mail (whitch I know almost ever server would) could I read the e-mail message being sent?

**AngryBob** · May 5th, 2002, 06:30 AM

yes you can.

put a sniffer and smell away. with snort at least...
you can write rules that say
listen on port 25 for the word "hi jon"
and it will grab that.

**AngryBob** · May 5th, 2002, 06:33 AM

why do you want to run asp on your linux box?
isnt that somehat of an oxymoron
[see his sig]

**Toxic** · May 5th, 2002, 06:51 AM

Because I don't know PHP.

str34m3r · May 6th, 2002, 11:43 PM

Something in your original post struck me as odd. It's true... you would think that as computer security improves, one of the things that should definitely be improved is the security of e-mail. Unfortunately, however, e-mail is almost as simple (read that as insecure) now as it was when it first originated. Thus, the percentage of email that is sent clear-text is still very high. There are mail protocols that are encrypted of course, but they're not very common. The usual thing to do if you care about people reading your main in transit is to PGP encrypt it. Perhaps someday we'll have e-mail that doesn't get passed clear-text, but I'm not holding my breath.

***draziw*** · May 7th, 2002, 12:19 AM

Well, part of the problem with things like DNSSEC and Secure SMTP is that it requires the buy-in of large service providers in order to work. It's tough to force people like EarthStink and UUNet to just go magically change/upgrade their sendmail relays and/or DNS servers overnight and, without them, there's really no value-add, IMO.

Secure SMTP has been more or less "around" since about Sendmail 8.9.3 (well, it's been "hackable" since around that time, anyway - meaning you could wedge it in). Problem is, almost no one seems to use it. DNS SEC is also already out there since probably the early days of 8.x... but it suffers the same major problem.

And, having a previous life "in that role" at a fairly decent-sized/global ISP, I can tell you that upgrades to these sorts of servers aren't taken terribly lightly (often, for us, it was more like, "ok, we know there's a problem, but is there any way we can patch the current relays to make it go away or even less of an issue?").

Perhaps ironically enough, a good secure SMTP implementation would pretty much eliminate almost all spam.

It's kind of a "chicken and egg" problem... we can't force the big boys to do it, but we can't do it before a few of them start enforcing it. Perhaps the answer is to get clients like IE, Outlook, Eudora and a few others using SMTP AUTH (and ISPs such as Earthlink requiring it in order to talk to their internal relays) -- I could see that being a huge win for a big service provider... "spam less relaying" (though that still doesn't guarantee any mail coming in from the outside). Once they could push that sort of requirement out to their external relays, we'd have a winner... problem is, that last push would probably be a rather painful one (and one even Microsoft is reluctant to do as their OS' move forward - they still have legacy hardware and software to support).

str34m3r · May 12th, 2002, 12:42 AM

I agree with you that the change really has to be an all at once kind of thing. I also know it won't be easy to implement, or else it would have already been done. Perhaps when we make the giant leap to ipv6 the changes can be implemented more widely. The leap to ipv6 is already going to be painful, so perhaps a little extra effort to make DNS and mail more secure will feel like a drop in the bucket.

Thread: SMTP and POP3 sniffers?

Thread Tools

Display

SMTP and POP3 sniffers?

Posting Permissions