Subject: Re: automatic login
To: David Laight <david@l8s.co.uk>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 07/04/2002 10:13:18
In message <20020704150257.B19563@snowdrop.l8s.co.uk>, David Laight writes:
>> Password-sniffing was obviously possible
>
>Many years ago someone where I worked wrote a program that filtered
>the promiscuous output of an ethernet card looking for (the equivalent
>of since we weren't running TCP) a SYN packet to the telnet server
>and the first data bytes in the same direction.  When two lines
>of data had been received the output was displayed (no need to look
>for responses).
>What we got was usernames and passwords scrolling up the screen
>(1 every second or so), 80% of which were for root.
>
>Needless to say the source of the program (written to see if we'd
>got promiscuous mode working properly) was quickly deleted.
>
>Of course these days network sniffing software is MUCH more common.

/usr/pkgsrc/security/dsniff...
>
>OTOH if I get my sun 3/60 working ssh is a little OTT for it.
>rlogin (with .rhosts) requires DNS spoofing - generally tougher
>than network sniffing.

Or sequence number guessing -- which *may* be too hard these days.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)