North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Network and security experts (was Re: Dumb users spread viruses)
On Mon, 09 Feb 2004 11:12:58 MST, "Wayne E. Bouchard" said: > This is dramatically demonstrated by the number of NANOG attendees > that do not utilize encrypted paths to communicate back to their > offices and who do not maintain at least passable password standards > for their own accounts. It always astonishes me to see passwords such > as "asdfg", "microsoft", and "password" come up on that list. Been there, done that. We hosted a SANS-EDU event a while back, and had about 300 people in a lecture hall, most of whom had wireless access. I ran a small tcpdump on the wireless, grabbing only outbound SYN packets for port 110, 995, and the ports IMAP lives on. About lunchtime, I announced that I'd seen some 50 or so people using encrypted POP on 995, and 65 or so using it in plaintext. Somebody asked what data I was gathering, and I said "I'm a white hat, I only looked at SYN packets enough to make this announcement." Suddenly, we have 65 relieved looking people. Then I added "But I have no idea at all what people sitting out in the atrium are grabbing off the wire" - and we had 65 worried looking people. ;) I didn't see very many SYN packets on port 110 in the afternoon session. :) Attachment:
pgp00023.pgp
|