[67403] in North American Network Operators' Group


Re: Network and security experts (was Re: Dumb users spread viruses)

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Feb 9 13:35:41 2004

To: "Wayne E. Bouchard" <web@typo.org>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Mon, 09 Feb 2004 11:12:58 MST."
             <20040209181258.GA34537@typo.org> 
From: Valdis.Kletnieks@vt.edu
Date: Mon, 09 Feb 2004 13:31:37 -0500
Errors-To: owner-nanog-outgoing@merit.edu


On Mon, 09 Feb 2004 11:12:58 MST, "Wayne E. Bouchard" said:

> This is dramatically demonstrated by the number of NANOG attendees
> that do not utilize encrypted paths to communicate back to their
> offices and who do not maintain at least passable password standards
> for their own accounts. It always astonishes me to see passwords such
> as "asdfg", "microsoft", and "password" come up on that list.

Been there, done that.

We hosted a SANS-EDU event a while back, and had about 300 people in a
lecture hall, most of whom had wireless access.  I ran a small tcpdump
on the wireless, grabbing only outbound SYN packets for port 110, 995,
and the ports IMAP lives on.  About lunchtime, I announced that I'd seen
some 50 or so people using encrypted POP on 995, and 65 or so using it
in plaintext.  Somebody asked what data I was gathering, and I said "I'm
a white hat, I only looked at SYN packets enough to make this announcement."
Suddenly, we have 65 relieved looking people.  Then I added "But I have no
idea at all what people sitting out in the atrium are grabbing off the
wire" - and we had 65 worried looking people. ;)

I didn't see very many SYN packets on port 110 in the afternoon session. :)


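An added example, not part of the original message: a Python tally of the kind described above, counting distinct clients per mail port class from `tcpdump -nn` text output of initial SYN packets. The IMAP ports (143, 993), the capture filter string, and the sample lines are assumptions constructed for illustration; a SYN to 110 or 143 cannot show whether the session later upgrades with STLS/STARTTLS.

```python
import re
from collections import defaultdict

# Capture filter for the tally: initial SYNs only (SYN set, ACK clear), mail ports only.
# Assumption: 143/993 stand in for "the ports IMAP lives on"; the message names 110 and 995.
CAPTURE_FILTER = ("tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and "
                  "(dst port 110 or dst port 995 or dst port 143 or dst port 993)")

PORT_CLASS = {110: "plaintext", 143: "plaintext", 995: "tls", 993: "tls"}

# Matches IPv4 TCP lines as printed by `tcpdump -nn`.
LINE_RE = re.compile(
    r"\bIP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def summarize(lines):
    """Map each port class to the set of client addresses that sent it a SYN."""
    clients = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["flags"] != "S":  # drop SYN-ACK ("S."), data, unparsable lines
            continue
        cls = PORT_CLASS.get(int(m["dport"]))
        if cls:  # ignore ports outside the mail set
            clients[cls].add(m["src"])
    return {"plaintext": clients["plaintext"], "tls": clients["tls"]}

def plaintext_only(summary):
    """Clients seen on a cleartext port and never on an implicit-TLS port."""
    return summary["plaintext"] - summary["tls"]

# Constructed sample lines, not real capture data.
SAMPLE = """\
12:01:07.100001 IP 10.0.0.5.51000 > 192.0.2.25.110: Flags [S], seq 1, win 65535, length 0
12:06:07.100002 IP 10.0.0.5.51003 > 192.0.2.25.110: Flags [S], seq 9, win 65535, length 0
12:01:09.200001 IP 10.0.0.6.40110 > 192.0.2.25.995: Flags [S], seq 2, win 65535, length 0
12:02:11.300001 IP 10.0.0.7.40200 > 198.51.100.9.143: Flags [S], seq 3, win 65535, length 0
12:02:15.300002 IP 10.0.0.7.40201 > 198.51.100.9.993: Flags [S], seq 4, win 65535, length 0
12:01:07.150001 IP 192.0.2.25.110 > 10.0.0.5.51000: Flags [S.], seq 5, ack 2, win 65535, length 0
12:03:00.000001 IP 10.0.0.8.40300 > 192.0.2.80.80: Flags [S], seq 6, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"plaintext clients: {len(s['plaintext'])}, tls clients: {len(s['tls'])}")
    print("plaintext only:", sorted(plaintext_only(s)))
```

Counting distinct source addresses rather than SYNs keeps a client that polls every few minutes from inflating the plaintext figure.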
