Re: Security

Eric Ochoa [NOL Staff] (
Wed, 26 Nov 1997 09:24:57 -0600 (CST)

On Wed, 26 Nov 1997, Robert Hsiung wrote:

> >a packet sniffer?
> >Well..if you want to get technical..that's always possible.
> That's what I was afraid of. :-)

There really isn't much to be afraid of, you can get some usefull bits of
information by sniffing packets.. mostly just chat or text but anything
video related would be alot more complicated to do anything with.

> >The typical
> >user isn't gonna have the keys to the routers
> The physical keys to the rooms that the routers are in? Or some kind of
> software password-type key?

No, by this I beleive he means passwords to the routers telnet interface.

> >(unless you connect to the
> >reflector and the reflector operator maintains the router to the
> > which case it's much easier just to send a BCC of the
> >reflector to monitor off to another reflector).
> I'm wondering about a one-to-one connection, not a connection through a
> reflector. Someone worried about security wouldn't go through a reflector,
> I don't think! :-)
> >There's always packet sniffers..but I imagine the percentage of people
> >that use packet sniffers actively is much less than 1% of the internet
> >population.
> A packet sniffer is software that lets you somehow intercept data on the
> Internet? Sorry, but I really don't know anything about this...

I'll summarize both of the previous paragraphs with this statement: You
will only be able to sniff packets of any traffic coming to or coming from
your LOCAL network, or any segment of a switched hub you are on. For
example, all of the admin staff in our NOC is on their own port of an NPI
switched ethernet hub, so other users can't see, or SNIFF, their traffic
(root passwds, etc.) So the chances of someone watching your cuseeme
session from across the internet isn't very great, unless that information
is coming across a router they are sniffing from a local ethernet

> >Even if you do sniff packets, you have to know what type of
> >data the packets are. That would mean having to rewrite CU to display
> >real time video/audio based on the sniffed packets.

What a nasty chore that would be :)

> But wouldn't the packets say what type of data they are? Otherwise, how
> would the computer that they're intended for know what to do with them?
> CU already does display real time video/audio based on packets, right? So
> it would "just" be a matter of feeding it sniffed packets?


> >I'm no expert though..I could be way off on that last part. I don't know
> >of anyone that's used a packet sniffer to actively display video.
> Well, if any experts want to chime in, this is something I need to find out
> about. Not because I want to go sniffing, but because we're thinking about
> using CUSM in situations in which confidentiality would be important.

I think your sessions would be secure enough, if you are that concerned
about it you might think about setting up a secure VPN to conduct your
transmissions through.

.o Eric Ochoa ............................... Phone [713] 467-7100 .o.
.o Networks On-Line ......................... Pager [713] 268-9177 .o.
.o 10497 Town & Country Way #460 ............ Email .o.
.o Houston TX 77024 ............................................... o.