Flutterby™! : ethereal rocks, again


ethereal rocks, again

2005-01-20 06:20:22.062984+00 by Dan Lyke 13 comments

Really, what will we do when network and mail administrators finally decide to make us use encrypted channels so that we'll have to actually remember our passwords and user names when we switch mail from machine to machine, rather than just using Ethereal?

[ related topics: Cryptography ]

comments in ascending chronological order:

#Comment Re: made: 2005-01-20 12:58:18.3199+00 by: meuon

It is handy when acquiring dot.bomb ISPs. Simply sniff port 110 using Sniffit or Ethereal and you can re-acquire lost information about users, passwords, etc. But the best trick so far was decrypting the trivial encryption IMAIL puts into registry files. Download: IMAIL Registry Importer for your own copy.

#Comment Re: made: 2005-01-20 17:32:39.112072+00 by: flushy

Well, for my users, I've created encrypted tunnels from the clients to the mail server. I've found this WAY quicker than SSL over $PROTOCOL.

As far as my users are concerned, "It just works."

#Comment Re: flushy's users made: 2005-01-20 19:41:12.077006+00 by: Mark A. Hershberger

I had to take over some users who had ssh tunnels to get their POP mail.

Perhaps flushy is better than the guy who set these users up, but they were happy to get rid of their ssh tunnels once I set up an SSL/TLS-enabled server. They hated those tunnels.

Plus, if the tunnel is "hidden" better than these were, you create problems when someone else has to help them (after you've moved on, or been killed, or whatnot).

And, if by "WAY quicker" you mean speed of the connection, I'd say you were just practicing premature optimisation.

Doing SSL "right" -- even with self-signed certs -- is just so much easier to support in the long term.

#Comment Re: made: 2005-01-20 20:05:34.486492+00 by: Dan Lyke

I've gotten along fine with:

poll www.flutterby.com proto imap : plugin "ssh -l USERNAME %h /usr/sbin/imapd" auth ssh; no envelope nodns username USERNAME pass PASS to LOCALUSER@LOCALHOST *

in my ~/.fetchmailrc, but my outbound is a little kludgey, and it'd be good if I sat down and figured that out. Unfortunately that means getting it right on both sendmail and exim or migrating the colo box to exim, neither of which excites me in the least.

#Comment Re: made: 2005-01-21 00:36:48.910723+00 by: meuon

I feel the need to add, personally, that I just SSH into my system and run PINE.

#Comment Re: made: 2005-01-21 07:31:19.879213+00 by: Shawn

Mark, the correct reference is "hit by a beer truck" ;-)

For the rest, I confess that I'm not seeing the connection between Ethereal and encrypted communications (unless the common thread is hiding your traffic from sniffers). It could be because I don't understand the product. I read the overview, but Ethereal just looks like a network sniffer. Interesting, and obviously useful, but so far it's just in the "keep this in mind for when I need that functionality" pile.

#Comment Re: made: 2005-01-21 16:51:40.456285+00 by: flushy

Well, my setup is a bit different. We only have a handful of windows boxen (read that number as (2) two). Everyone else operates through the unix terminal server, so it's very easy to maintain the tunnel and keep it transparent.

The issue with speed is the DNS lookups the system does when anything connects. There is always a lag, even when cached. localhost automatically resolves without any lag. There is also some setup time with the Secure Socket Layer - at least under sendmail. (Yes, I know I should move to postfix, but "it ain't broke".)

Thus from the user's perspective, "it's faster."

in defense of tunnels:

Various clients support different authentication. From my memory, Eudora didn't support CRAM or DIGEST, but NTLM and PLAIN. With self-signed certs, you also have to import them into your $CLIENT. Each client has its own way of handling the certs. MS software uses the OS's certificate store, whereas 3rd party software (mozilla, t-bird, eudora) uses its own database. Even under unix systems, you'd think you could import the cert into your CA database (under openssl), but nooooo, your 3rd party app wants to keep its own database. It's all just a big PITA.

#Comment Re: made: 2005-01-21 17:01:55.853194+00 by: Dan Lyke

Shawn, my specific comment was based on having yet another POP account set up for work for which I'd lost the little sheet of paper that had all of the appropriate settings on it. Once other sysadmins become as serious about security as I am it won't be this easy any more, but until then this is the umpteenth time I've used Ethereal to recover my username (which was not my email address) and password.

So, yeah, the common thread is "we all hide our own traffic from network sniffers, but we're glad other people don't".

#Comment Re: made: 2005-01-23 08:48:43.745697+00 by: Shawn

That's why I finally tracked down and bought myself a password book. (Yeah, yeah all my passwords are in one place, but the upside is... all my passwords are in one place - my back pocket.)

I'm still confused, though. If you had lost your info - which would mean you aren't logging in - what did you sniff?

#Comment Re: made: 2005-01-23 16:01:03.404983+00 by: aiworks

By password book, are you talking about something like this?

#Comment Re: made: 2005-01-23 19:46:48.488467+00 by: Shawn

I don't think so. It's hard to tell for sure from the info provided. My book is about 2.5" x 2", soft cover. Kind of like a little black address book, except without the tabs and formatted pages. (Just standard college-rule lines.)

I got the idea while temping at a local mom&pop ISP. One day the sysadmin pulled out this book to enter his (very long) root password. I thought it was a great idea, but it took me about three years to track one of my own down. The place I bought mine doesn't carry them any more.

#Comment Re: made: 2005-01-23 21:17:47.843818+00 by: Larry Burton

>> I'm still confused, though. If you had lost your info - which would mean you aren't logging in - what did you sniff?

I've got a bunch of passwords saved in the application that logs into the site. Most of them save the passwords in encrypted form so if I forget the password I have no idea of what is stored in the program but it keeps logging in to get the data. If I turn on the sniffer while the app is logging in I then get the login information that I need.
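What Dan's post and Larry's comment describe, as an added example that is not code from the original thread: a stored-password client logs in, the sniffer captures the port 110 stream, and the login falls out of the first line of each segment. The two sessions below are constructed for this example (the host, user and password are made up); the parser pairs each PASS or APOP attempt with the server's +OK or -ERR so you only copy down credentials the server actually accepted, and it stops at a successful STLS, because from there on the stream is TLS and "Follow TCP Stream" shows nothing useful.

```python
"""Recover POP3 logins from a captured client/server exchange.

Added example, not from the original post. It mirrors what Ethereal's
"Follow TCP Stream" shows for a port 110 session: the client sends USER
and PASS in the clear and the server answers +OK or -ERR. The sessions
below are constructed for this example; nothing is read from the wire.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A reassembled stream as (direction, payload) records.
# "C" is client -> server, "S" is server -> client.
Session = List[Tuple[str, bytes]]

# Constructed: a plain USER/PASS login that the server accepts.
PLAINTEXT_SESSION: Session = [
    ("S", b"+OK POP3 server ready\r\n"),
    ("C", b"CAPA\r\n"),
    ("S", b"+OK\r\nUSER\r\nUIDL\r\n.\r\n"),      # multi-line reply in one segment
    ("C", b"USER dlyke\r\n"),
    ("S", b"+OK\r\n"),
    ("C", b"PASS hunter2\r\n"),
    ("S", b"+OK Logged in.\r\n"),
    ("C", b"STAT\r\n"),
    ("S", b"+OK 2 3128\r\n"),
    ("C", b"QUIT\r\n"),
    ("S", b"+OK Bye\r\n"),
]

# Constructed: a wrong password, then STLS. Everything after the server's
# +OK to STLS is TLS ciphertext (the record fragments below are made up)
# and carries nothing a sniffer can read.
STLS_SESSION: Session = [
    ("S", b"+OK POP3 server ready\r\n"),
    ("C", b"USER dlyke\r\n"),
    ("S", b"+OK\r\n"),
    ("C", b"PASS wrong-guess\r\n"),
    ("S", b"-ERR Authentication failed.\r\n"),
    ("C", b"STLS\r\n"),
    ("S", b"+OK Begin TLS negotiation\r\n"),
    ("C", b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    ("S", b"\x16\x03\x03\x00\x3d\x02\x00\x00\x39\x03\x03"),
]


@dataclass
class Pop3Login:
    username: str
    password: Optional[str]   # None for APOP: only an MD5 digest crosses the wire
    digest: Optional[str]     # the APOP digest, crackable offline against the greeting timestamp
    mechanism: str            # "USER/PASS" or "APOP"
    accepted: bool            # did the server answer +OK to the final step?


def _first_line(payload: bytes) -> str:
    """POP3 commands and reply status are always on the first line of a segment."""
    return payload.split(b"\r\n", 1)[0].decode("latin-1", "replace")


def extract_pop3_logins(session: Session) -> List[Pop3Login]:
    """Walk the stream and pair each login attempt with the server's verdict."""
    logins: List[Pop3Login] = []
    pending_user: Optional[str] = None
    attempt: Optional[Pop3Login] = None    # awaiting the server's +OK/-ERR
    stls_requested = False

    for direction, payload in session:
        line = _first_line(payload)
        if direction == "C":
            cmd, _, arg = line.partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                pending_user = arg
            elif cmd == "PASS":                 # RFC 1939 allows spaces in the password
                attempt = Pop3Login(pending_user or "", arg, None, "USER/PASS", False)
            elif cmd == "APOP":
                user, _, digest = arg.partition(" ")
                attempt = Pop3Login(user, None, digest, "APOP", False)
            elif cmd == "STLS":
                stls_requested = True
        else:
            ok = line.startswith("+OK")
            if attempt is not None:
                attempt.accepted = ok
                logins.append(attempt)
                attempt = None
            if stls_requested:
                stls_requested = False
                if ok:
                    break          # the rest of the stream is TLS; stop parsing
    return logins


def accepted_credentials(session: Session) -> List[Tuple[str, str]]:
    """Just the (user, password) pairs the server actually accepted."""
    return [(login.username, login.password) for login in extract_pop3_logins(session)
            if login.accepted and login.password is not None]


if __name__ == "__main__":
    for name, sess in (("plaintext", PLAINTEXT_SESSION), ("stls", STLS_SESSION)):
        print(name, extract_pop3_logins(sess))
```

The APOP branch is there because a client that negotiates APOP still sends the username in the clear; the digest is MD5 over the server's greeting timestamp and the password, so it does not hand you the password directly, but it is crackable offline. That, and the STLS stop, are the practical limits of the "just sniff it" recovery method the thread relies on.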

#Comment Re: made: 2005-01-25 03:02:27.290233+00 by: John Anderson

>> Really, what will we do when network and mail administrators finally decide to make us use encrypted channels

Well, I'll probably end up doing something like jiggering DNS so that my app with the stored encrypted passwords thinks it's talking to the right server when it's actually talking to localhost, and then I'll write a little script dingus to bind the appropriate port and make the appropriate noises to get the app to give up the goods. (And this will be accompanied by much cursing, and then things will be written down and stuck somewhere rather than go through the whole PITA again...)
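The "script dingus" John describes, as an added example that is not code from the original comment: a decoy POP3 server on localhost that answers just enough of the protocol for a stored-password client to get as far as PASS, and writes the credentials down. The DNS part is assumed rather than shown: a hosts-file entry such as `127.0.0.1 mail.example.com` (hypothetical name) sends the client to the decoy. To stay runnable offline the decoy binds an ephemeral port and is driven by Python's own poplib client; a real one would bind port 110, which needs root.

```python
"""A localhost POP3 decoy that records whatever a stored-password client sends.

Added example, not from the original comment. Point the client's mail
host at 127.0.0.1 (hosts-file entry assumed), answer with the minimum
POP3 needed to reach the PASS command, and log the credentials.
"""
import poplib
import socket
import threading
from typing import List, Tuple


class Pop3Decoy:
    """Minimal POP3 server: accepts any USER/PASS and records the pair."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0) -> None:
        self.captured: List[Tuple[str, str]] = []
        self._stop = threading.Event()
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))
        self._srv.listen(5)
        self._srv.settimeout(0.2)              # lets the accept loop notice stop()
        self.port = self._srv.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:                    # listening socket closed by stop()
                return
            with conn:
                self._handle(conn)

    def _handle(self, conn: socket.socket) -> None:
        rfile = conn.makefile("rb")

        def reply(*lines: str) -> None:
            conn.sendall("".join(line + "\r\n" for line in lines).encode("ascii"))

        # No <timestamp> in the greeting, so APOP-capable clients fall back to USER/PASS.
        reply("+OK POP3 ready")
        user = ""
        for raw in rfile:
            cmd, _, arg = raw.rstrip(b"\r\n").decode("latin-1", "replace").partition(" ")
            cmd = cmd.upper()
            if cmd == "CAPA":
                reply("+OK", "USER", ".")      # advertise USER only: no STLS, no SASL
            elif cmd == "USER":
                user = arg
                reply("+OK")
            elif cmd == "PASS":
                self.captured.append((user, arg))   # the whole point of the decoy
                reply("+OK Logged in.")
            elif cmd == "STAT":
                reply("+OK 0 0")                # an empty mailbox keeps the client quiet
            elif cmd in ("LIST", "UIDL"):
                reply("+OK", ".")
            elif cmd == "QUIT":
                reply("+OK Bye")
                return
            else:
                # STLS, APOP, AUTH: refuse, so the client stays in the clear.
                # A client configured to *require* TLS gives up here; that is
                # the failure mode, and the cue to write the password down.
                reply("-ERR unsupported")

    def stop(self) -> None:
        self._stop.set()
        self._srv.close()
        self._thread.join(timeout=2)


def run_demo(user: str, password: str) -> List[Tuple[str, str]]:
    """Stand in for the mail client: log in to the decoy with 'stored' credentials."""
    decoy = Pop3Decoy()
    try:
        client = poplib.POP3("127.0.0.1", decoy.port, timeout=5)
        client.user(user)
        client.pass_(password)
        client.stat()
        client.quit()
    finally:
        decoy.stop()
    return list(decoy.captured)


if __name__ == "__main__":
    print(run_demo("dlyke", "hunter2"))
```

Run it and the decoy prints the (user, password) pair the client offered. Note the same caveat as for sniffing: once the client insists on STLS or a SASL mechanism, the decoy only proves that the client has gone secure, which is exactly the situation Dan's post is worrying about.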