[prev in list] [next in list] [prev in thread] [next in thread]
List: pen-test
Subject: Re: Sniffing packets between Outlook and Exchange
From: Jeff King <peff-pentest () fenris ! cc>
Date: 2001-12-12 0:06:27
[Download RAW message or body]
On Tue, 11 Dec 2001, Harrington, Chris wrote:
> In an environment with Outlook 2000 acting as an Exchange client (no POP),
> is it possible to sniff the email traffic between the them?? If so, are
> there any resources on preventing this?
I looked into this several years ago. IIRC, Outlook->Exchange traffic is
tunneled through an SMB named pipe. It gets user authentication at the
SMB level. It may also get encryption services there; I don't know.
You might try running a sniffer against your box as you submit or read a
message then grep the results for the partial contents of the message.
You can't prove that it's unsniffable by failing, but you can certainly
prove that it's sniffable by succeeding. :)
-Jeff
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic