Flutterby™! : Ethereal

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Ethereal

2003-06-12 18:19:28.494932+00 by Dan Lyke 7 comments

Setting up an account on my laptop to handle my work mail for my upcoming trip, and our sysadmin is out of town and I couldn't remember the details of my mail setup. So I set up Ethereal ("Sniffing the glue that holds the Internet together"), turned on packet logging, hit the "Get new mail" button, turned it off, and there was all my critical info.

Gulp. Now I'm really sure that anything plain text is a bad idea, and I'll be setting up SSH tunnelling for inbound POP and outbound SMTP really shortly. But it was a handy way to solve the "Well, I entered my password into my mail client when I first set it up and then forgot about it" problem.

[ related topics: Dan's Life Work, productivity and environment Travel Cryptography ]

comments in ascending chronological order (reverse):

#Comment made: 2003-06-12 19:17:25.229878+00 by: meuon

The mail server I am setting up is based on Courier http://www.courier-mta.org and handles Secure (SSL): SMTP, POP and IMAP very well.

#Comment made: 2003-06-12 21:37:44.734618+00 by: phoffman

Ethereal (and its text-based sibling, Tethereal) are real life-savers in situations like this.

So, Dan, do you really think that anyone sniffing the net cares about reading what's in your POP mailbox? I suspect the answer is no. So, Dan, does anyone care about your POP password? Yes, probably, because people often use the same password for POP as they do for more valuable things like SSH. (Hint, hint.)

#Comment made: 2003-06-12 21:43:58.846965+00 by: Dan Lyke

I already use separate passwords for my POP and for my interactive user account. And I've tried to keep users who use FTP and POP in relatively jailed configurations on my server.

But I also know that security is about how you do everything, and I should be in the practice of doing things the secure way. Most of the break-ins I've seen have been the result of "I need to get this working, I'll fix it later" type stuff.

#Comment made: 2003-06-13 00:53:59.087405+00 by: Shawn

Speaking of which, can anybody recommend a good tutorial on setting up chroot jails? I have a friend who wants up send me stuff and his end doesn't support passive ftp connections, so I'm looking at scp or sftp (which requires ssh access). Unfortunately, since this box got hacked/wormed last year I'm much more anal about who and what kind of access I allow. I found a few pages that kinda walked through setting up chroot jails but they're pretty rough and seem to assume a level of admin expertise just slightly beyond my current level. I'm confident I can do it with just them, but I'd like to have something a bit more clear and encompassing.

#Comment made: 2003-06-13 02:45:26.89657+00 by: dws

If you're sitting in a technical conference that has wireless access, chances are pretty good that somebody is sniffing traffic. At a security conference a year ago, a friend who should have known better had his shell password show up on a projected, real-time list of passwords being sniffed. Oops.

SSH tunneling rocks.

#Comment made: 2003-06-17 16:09:05.844813+00 by: meuon [edit history]

Current Linux vsftp chroot jails very easily, with a 'hack' to the /etc/passwd file by placing a /./ in the home dir:

meuon:x:501:501::/home/./meuon:/bin/bash
chroots FTP (but NOT shell) - but then, we don't let 99.9% of the users have shell anyway..

#Comment made: 2003-06-17 19:21:50.502765+00 by: Shawn

Um... I'll have to look up vsftp. I'm gonna wind up having to give him shell access anyway, though. I am not gonna open up all incoming ports just because his firewall won't allow passive ftp connections from his end.