
Re: [Sheflug] igmp packets...... it's getting worse....



Despite all the bad news below, I'm not very paranoid.  I live pretty
clean---no girlfriends or gambling to upset my wife---so my main worry
is financial.  I make sure that my credit card company indemnifies me
for 3rd party wire fraud (one Japanese company---not mine---tried to
wiggle out on the basis that computer frauds were not listed in the
contract, the rats), and that about covers it.

Even if covered, one does have a responsibility to use SSL and so on:
those fraud losses (including enforcement costs) come out of bank's
revenues and police budgets, and so hurt your neighbors.  Do minimize
fraud.

>>>>> "Chris" == Chris J/#6 <sixie [at] nccnet.co.uk> writes:

    >> i didn't realise it was so easy to look at the contents of
    >> packets as they moved around the network........

    Chris> Well now you do ... :)

:(

    Chris> remember -- unless the connection is said to be encrypted,
    Chris> everything goes back and forth in plaintext. On the
    Chris> internet, most encrypted connections go either over SSL
    Chris> (Secure Sockets Layer) or tunneled on SSH (Secure SHell).

Note that the _connection_ must be encrypted.  There are protocols
where the connection itself is plaintext, but the authorization is
secure.  CHAP as used in PPP authentication is one such (modulo our
resident ex-spook's usual caveats about the word "secure" for anything
that NSA is willing to admit actually exists).  I'm not sure, but I
believe the Stanford sftp/stelnet suite is similar.

Also, IPsec is becoming pretty common, and there are a lot of Virtual
Private Network products out there, some based on SSL or SSH, but most
not.

    Chris> You can only listen to packets on the same physical piece
    Chris> of wire as you ... so this means *anything* connected on a
    Chris> BNC backbone, or all machines on a hub; but excludes wires
    Chris> separated by switches, bridges and routers. Though there
    Chris> may be exceptions...(very) rare they will be, and usually
    Chris> will be down to some funny config.

"Switches" means (or at least includes) "switching hubs".

Are you sure about bridges?  I thought the whole point of a bridge was
to make physically separate networks look like a single one.

    Chris> Bear in mind that most ISPs probably have better things to
    Chris> do than spy on your packets,

Unfortunately, the cops do not; spying on you is a lot more
entertaining and profitable than trying to prevent pickpocketing in
Piccadilly.  Watch those laws carefully.  Note that Frenchmen do not
have the right to use encryption, and note the U.S. government's
"Clipper" initiatives.

    Chris> plus they have silly amounts of data going over them.

Echelon is technically and probably financially feasible.

    Chris> The LINX (London Internet Exchange
    Chris> ... Europe's biggest internet hub) has about 3GB/sec going
    Chris> over its cables. Try sticking Ethereal on that to get
    Chris> useful info :-)

    Chris> Realistically, there are two points you have to be
    Chris> concerned about, datawise:

    Chris> 	1. Your ISP, as they handle all your initial
    Chris> connections, and at the modem, the traffic is easy to
    Chris> filter

    Chris> 	2. The end you're connected to ... do you trust their
    Chris> network?

No.  Your paranoia is insufficient.  If you have sensitive
communications, you probably also have a _specific_ sensitive
correspondent (your bank, your lawyer, il capo di tutti capi,
President Putin, "Monica", ...) and they can be targeted, too.  In
fact, that's more likely than targeting you---due to their large
traffic, such institutions are likely to be _less_ secure than
you---and history indicates that they are less aware of the problem
than the average denizen of ShefLUG.

    Chris> Filtering anywhere en route *is* possible, but less likely
    Chris> due to the inherent nature of the internet (routes are
    Chris> dynamic; so complete transactions could potentially go via
    Chris> several different routes during the connection). So don't
    Chris> worry too much :)

Again, insufficiently paranoid.  I have several times run into network
anomalies that show all the signs of DNS hacking and diverted traffic
(including denial from the ISP concerned that anything was amiss).  I
suspect it happens a lot more frequently but more skilled crackers
cover their tracks ... the man-in-the-middle is just one more dotted
quad with no reverse lookup internal to a large ISP ....

This can also happen internally to a LAN; I don't know the root
passwords on my Institute's systems, but they would be easy enough to
get: the tech staff use plain telnet to talk to hosts, routers, and
smart peripherals like printers, and our LAN is _not_ switched.  :-(


-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.
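The CHAP point made in the message above (a plaintext link whose authentication step is nevertheless not trivially sniffable) is worth seeing concretely. What follows is an added example, not code from the original post or from any PPP implementation: it models the RFC 1994 CHAP-MD5 exchange in Python, with a sniffer on the same hub capturing every frame, and shows that the secret never crosses the wire and that a captured response cannot be replayed. The peer name "alice", the secrets table and the wordlist are all assumed for illustration. The example also carries the caveat a practitioner would want: once the sniffer has the challenge/response pair, a weak secret can still be guessed offline, so "secure authorization" over a plaintext link still depends on a strong secret.

```python
import hashlib
import hmac
import os

# Added example, not from the original post. Models RFC 1994 CHAP-MD5 over
# a plaintext PPP link: only a fresh random Challenge and
# MD5(Identifier || secret || Challenge) ever go over the wire.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response value as defined in RFC 1994, section 4.1."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side of the link: issues challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets          # assumed table: peer name -> shared secret
        self.outstanding = {}           # identifier -> challenge not yet answered
        self.next_id = 0

    def challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        value = os.urandom(16)          # fresh per attempt, so responses can't be replayed
        self.outstanding[identifier] = value
        return identifier, value        # both sent in clear

    def verify(self, identifier, name, response):
        # A challenge is consumed on first use, whatever the outcome.
        value = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(response, expected)


class Peer:
    """Client side: proves knowledge of the secret without sending it."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def simulate(secret=b"correct horse",
             wordlist=(b"password", b"correct horse", b"letmein")):
    """Run one CHAP exchange while a sniffer records every frame.

    Returns what the sniffer could and could not do with the capture.
    """
    auth = Authenticator({"alice": secret})     # assumed peer name/secret
    peer = Peer("alice", secret)
    wire = []                                   # byte fields visible on the hub

    # Legitimate exchange.
    ident, chal = auth.challenge()
    wire.append(chal)
    name, resp = peer.respond(ident, chal)
    wire.append(resp)
    authenticated = auth.verify(ident, name, resp)

    # Sniffer replays the captured response against a fresh challenge.
    ident2, chal2 = auth.challenge()
    replay_fresh = auth.verify(ident2, name, resp)

    # Sniffer replays against the original identifier (already consumed).
    replay_same = auth.verify(ident, name, resp)

    # The secret itself never appeared in any captured field.
    secret_on_wire = any(secret in blob for blob in wire)

    # Caveat: with (Identifier, Challenge, Response) captured, the sniffer
    # can test guesses offline at MD5 speed; a weak secret falls.
    guessed = next((w for w in wordlist
                    if chap_response(ident, w, chal) == resp), None)

    return {
        "authenticated": authenticated,
        "replay_fresh_challenge": replay_fresh,
        "replay_same_identifier": replay_same,
        "secret_on_wire": secret_on_wire,
        "offline_guess": guessed,
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v!r}")
```

Run it and the weak secret is recovered by the offline guess even though the exchange itself resists replay; run `simulate(secret=b"zq9!Lm#2", wordlist=(b"password",))` and the guess fails. That is the whole of what "secure authorization over a plaintext connection" buys: the eavesdropper gets no free login, but gets a hash to attack at leisure, and everything after authentication is still readable.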