Options

Packet Sniffing on the Internet?

teancum144teancum144 Member Posts: 229 ■■■□□□□□□□
A firewall administrator mentioned that connecting to a trusted site over the internet via Telnet is not that risky - if both ends employ strong security (separate, secured vlans, subnets, etc.) in their respective networks - because packet sniffing on the internet itself is unlikely unless someone hacked an AT&T internet router. Is his logic sound? Any insight is much appreciated.
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D

Comments

  • Options
    ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    Do you trust all people who have access to routers between your site and the server's?
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • Options
    JDMurrayJDMurray Admin Posts: 13,054 Admin
    Packets can travel anywhere over the Internet and through anyone's switches, routers, or store-and-forward servers, and not just via the equipment owned by the big Telecoms and Network Service Providers. It's a common misconception that Internet traffic in the USA stays in the USA, and this is not the case. Someone in New York could email someone in Los Angeles and the packets be routed through Europe, South America, or even China. This was clearly demonstrated when, in April 2010, for fours hours much of the Internet traffic from the US government and DoD was re-reouted through China. After all, the control of the Internet is now global, and for nearly thirty years it has been known as "The Public Internet."

    Assume that anyone can see your Internet data, like someone picking up and reading a post card. Encryption and authentication of sensitive/confidential information send across any public network is a must.
  • Options
    QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    Have him run Armitage on himself and see how confident he is then...
  • Options
    the_hutchthe_hutch Banned Posts: 827
    Well, you could use source routing to define the specific route that the traffic takes if you wanted it to follow a trusted path. But still, it seems like it would be more work than just using more secure alternatives. Is there a specific reason he's wanting to use Telnet?
  • Options
    randyt1980randyt1980 Member Posts: 6 ■□□□□□□□□□
    i'd like to see a traceroute of this telnet connection accompanied by a visual trace (neotrace) for effect. bottom line, i would never transmit any kind of sensitive connection over a telnet connection.
  • Options
    RTmarcRTmarc Member Posts: 1,082 ■■■□□□□□□□
    telnet = clear text...enough said.
  • Options
    JDMurrayJDMurray Admin Posts: 13,054 Admin
    True, but the original point was that it is impossible for the packets to be intercepted en-route, so it was perfectly safe (i.e. confidential) to use a non-encrypted protocol. If so, why does Google, Amazon, eBay, online banking, et al. waste to much time and money implementing and maintaining SSL? :duh:
  • Options
    randyt1980randyt1980 Member Posts: 6 ■□□□□□□□□□
    lol i guess its safe for everyone to just scrap SSL :)
  • Options
    beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    Trusting Telnet with anything even slightly confidential wouldn't exactly be considered a "best practice", to say the least. The flip side of the coin would be who would actually sit around at a telecom or hop point randomly looking for said traffic? Its a low barrier to entry but then again I have better things to do with my time. So, all in all, its an easily avoidable risk. Like connecting to a random hotspot at DefCon - eventually your going to get bit.

    - beads
Sign In or Register to comment.