wired network security

Michael Butash michael at butash.net
Mon Nov 3 12:56:04 MST 2014


On 11/02/2014 02:46 PM, Bob Holtzman wrote:
> Dandy, but looking at source code tells a nonprogrammer (me) little.
>
> I guess I'll just coast along with https for the important stuff even
> tho I've read that it can be spoofed.
>
I only read source code when I have to figure out obscure driver error 
conditions on garbage code.  Or morbid curiosity.

Really what I mean is seeing what is opening sockets on your box and 
transmitting data.  Use of "iftop", tcpdump, wireshark, or other 
applications will show you this in the way of open socket/port 
connections.  Use of "ss" or "netstat" with various flags (that I've 
posted before for Havens) to see what is opening listening sockets or 
establishing connections out.  From there you can examine the packets, 
might be amazed to see readable ASCII flying past in the network data 
payloads.

Used to be fun to sit on the office switch on a span/monitor port doing 
network diagnostics when you begin to see people's credentials coming 
across too.  Learned what dsniff was for then for some fun quite early 
on in my career to harvest credentials of my buddies to torment.  ;)

Started enforcing SSL and encryption for myself shortly after.

-mb
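
An added example, not part of the original post: a Python sketch of the socket audit described above. It reads the Linux /proc/net/tcp table (the same data "ss" and "netstat" report) and lists listening sockets plus established connections to ports that usually carry unencrypted traffic. The function names, the port list and the sample rows are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout; addresses are from documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   120        0 11112
   2: 0A00A8C0:C350 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 11113
   3: 0A00A8C0:C351 140200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11114
   4: 0A00A8C0:C352 1E0200C0:0017 01 00000000:00000000 00:00000000 00000000  1000        0 11115
"""

# Assumption: a port number is only a hint that the payload is unencrypted.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}
LISTEN, ESTABLISHED = "0A", "01"  # TCP state codes as printed in the table

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (ip, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def summarize(table):
    """Return (listeners, cleartext_flows) parsed from /proc/net/tcp text."""
    listeners, cleartext = [], []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        local, remote, state = decode_endpoint(cols[1]), decode_endpoint(cols[2]), cols[3]
        if state == LISTEN:
            listeners.append(local)
        elif state == ESTABLISHED and remote[1] in CLEARTEXT_PORTS:
            cleartext.append((local, remote, CLEARTEXT_PORTS[remote[1]]))
    return listeners, cleartext

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live IPv4 TCP table on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed rows
    listeners, cleartext = summarize(text)
    for ip, port in listeners:
        print(f"LISTEN    {ip}:{port}")
    for local, remote, proto in cleartext:
        print(f"CLEARTEXT {local[0]}:{local[1]} -> {remote[0]}:{remote[1]} ({proto})")
```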

