North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 2511 line break

  • From: Stephen J. Wilcox
  • Date: Mon Jul 26 17:54:32 2004

On Mon, 26 Jul 2004, Randy Bush wrote:

> > whats the difference between telnet from a directly connected host and a
> > serial line?
> 
> if the 'directly connected host' is on multi-point medium, then it
> is subject to sniff attacks

I realised that but you can 'sniff' a serial line if you physically tap it, 

you're saying you can setup a span port much easier as its software tho right? 
but that requires you to have compromised the switch and an attached server, 
that in itself should be throwing up some alarms - rancid, tripwire etc?

it would be easier to hack the host directly and install a keylogger, only one 
hack to do that way and you can grab any passwds from telnet or ssh sessions

Steve