I think I was sniffed?

Kris kancer at kancer.978.org
Mon Jul 10 13:33:43 EDT 2000


How is your network set up at work? Is it switched ethernet? Anyone at
your work could have sniffed your pop password and sold it to spammers, I
have seen that before. Also they could have broke into harvard.nets
servers, they do not have the most secure network(but better than most
ISPs) and h.net was telling you it was your fault, Demand headers from the
so called spammers to be sent to you, they wouldn't make you change your
password without actually proof.. 
Also your dial up pass and system passwords should really be differant,
especially if your sending it over clear text. A trick some people use is
they get your mail pass and get you to send an e-mail to them, then the
look at the headers and log onto your box as you with that pass.  
Do you use FTP with that pass?

 -Good luck, and demand those headers!

Kris Loranger
Network Systems Engineer
Belenosinc.com
kris at kancer.978.org
IRC:efnet, #978 AIM:KancerKris
Run Linux, keep the net free!

On Mon, 10 Jul 2000, Ron Peterson wrote:

> My ISP (HarvardNet) just had me change my dial-up password.  It seems
> they had been getting SPAM complaints which implicated me.  The SPAM
> wasn't appearing as coming from my account, but it was suspected that
> the perpetrators were logging in using my dial-up username and password.
> 
> Now I'm paranoid.
> 
> How did they get my password?  I use the same password for my user
> account on my linux laptop.  That's the only other place I use it.  So
> as far as I can tell, it must have been intercepted in one of three
> places: (1) when establishing my dial-up connection, (2) when retrieving
> my POP email (which I often do from my office LAN, in addition to when
> I'm dialed in, and (3) when I'm logging in to my laptop.  Am I
> forgetting anything?
> 
> I'm guessing someone got me on number (2).  Which means I'll probably
> stop getting my email except when I have a dial-in connection.
> 
> Any other suggestions about what I should do at this point to make sure
> I haven't been further compromised?  Let's just say, for the sake of
> argument, that I haven't compiled lists of the suid and guid programs on
> my laptop in a known secured state.
>  
> ________________________
> Ron Peterson
> rpeterson at yellowbank.com
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list