Options
Packet Sniffing on the Internet?
teancum144
Member Posts: 229 ■■■□□□□□□□
in CHFI
A firewall administrator mentioned that connecting to a trusted site over the internet via Telnet is not that risky - if both ends employ strong security (separate, secured vlans, subnets, etc.) in their respective networks - because packet sniffing on the internet itself is unlikely unless someone hacked an AT&T internet router. Is his logic sound? Any insight is much appreciated.
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. 
Comments
-
Options
ChooseLife
Member Posts: 941 ■■■■■■■□□□
Do you trust all people who have access to routers between your site and the server's?“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
GetCertified4Less - discounted vouchers for certs -
Options
JDMurray
Admin Posts: 13,031 Admin
Packets can travel anywhere over the Internet and through anyone's switches, routers, or store-and-forward servers, and not just via the equipment owned by the big Telecoms and Network Service Providers. It's a common misconception that Internet traffic in the USA stays in the USA, and this is not the case. Someone in New York could email someone in Los Angeles and the packets be routed through Europe, South America, or even China. This was clearly demonstrated when, in April 2010, for fours hours much of the Internet traffic from the US government and DoD was re-reouted through China. After all, the control of the Internet is now global, and for nearly thirty years it has been known as "The Public Internet."
Assume that anyone can see your Internet data, like someone picking up and reading a post card. Encryption and authentication of sensitive/confidential information send across any public network is a must.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
Options
Quantumstate
Member Posts: 192 ■■■■□□□□□□
Have him run Armitage on himself and see how confident he is then... -
Options
the_hutch
Banned Posts: 827
Well, you could use source routing to define the specific route that the traffic takes if you wanted it to follow a trusted path. But still, it seems like it would be more work than just using more secure alternatives. Is there a specific reason he's wanting to use Telnet? -
Optionsrandyt1980
Member Posts: 6 ■□□□□□□□□□
i'd like to see a traceroute of this telnet connection accompanied by a visual trace (neotrace) for effect. bottom line, i would never transmit any kind of sensitive connection over a telnet connection.
-
OptionsJDMurray
Admin Posts: 13,031 Admin
True, but the original point was that it is impossible for the packets to be intercepted en-route, so it was perfectly safe (i.e. confidential) to use a non-encrypted protocol. If so, why does Google, Amazon, eBay, online banking, et al. waste to much time and money implementing and maintaining SSL? :duh:
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
Options
beads
Member Posts: 1,531 ■■■■■■■■■□
Trusting Telnet with anything even slightly confidential wouldn't exactly be considered a "best practice", to say the least. The flip side of the coin would be who would actually sit around at a telecom or hop point randomly looking for said traffic? Its a low barrier to entry but then again I have better things to do with my time. So, all in all, its an easily avoidable risk. Like connecting to a random hotspot at DefCon - eventually your going to get bit.
- beads
