RE: [squid-users] Re: squid_ldap_auth and passwords in clear text

From: Adam Carter <Adam.Carter_at_optus.com.au>
Date: Mon, 17 Nov 2008 10:06:31 +1100

> IMHO these days Ethernet eavesdropping really isn't much of
> an issue (despite conventional wisdom:-). Much more dangerous
> are spyware/trojan keyloggers; server penetration is annother danger.
>
> Eavesdropping on all network traffic from any connection used
> to be a big problem when network hubs repeated all traffic
> everywhere. Although Ethernet has changed hugely, the old
> paranoia remains. Any modern device is
> a "switch" (not a "hub") and only directs traffic to the one
> port it's destined for, so nobody else can eavesdrop.

Wrong. (Unless you run Cisco with DHCP snooping with Dynamic ARP Inspection, or similar)

This will allow you to sniff on switches;
http://ettercap.sourceforge.net/
http://www.monkey.org/~dugsong/dsniff/
Received on Sun Nov 16 2008 - 23:06:36 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 17 2008 - 12:00:03 MST