[rt-users] Security risk! Passwords can be compromised!

Dave Sherohman dave at sherohman.org
Tue Feb 3 10:43:53 EST 2009


On Tue, Feb 03, 2009 at 04:25:04PM +0100, Andreas Heinlein wrote:
> Dave Sherohman wrote:
> > Fair point, but I still see a significant difference between "turn on
> > this switch and we'll hand you the passwords in a log file" and the
> > various methods you mention, any of which would require some degree of
> > skill and/or effort to implement. 
> aptitude install dsniff
> dsniff -i eth0 > passwords.txt
> 
> That's it, basically ;-)
> (when run on the RT server)

Yup.  I didn't say it would be a *large* degree of skill or effort
involved.  :)

(And, personally, I prefer ngrep.  Something like

ngrep -d eth0 password dst port 80 > passwords.txt

wouldn't capture nearly as much random traffic along with the
passwords.)

-- 
Dave Sherohman
NomadNet, Inc.
http://nomadnetinc.com/


