October 4th, 2002, 11:18 PM
Hackers: what can they see in Email
I have a question regarding what hackers can see if they happen to be watching my server traffic.
If my server, via php, sent an email message to someone that contained text and some images, would the hacker be able to see any of the information sent?
1. So could she see the text message ---- yes / no
2. Could she see the images ----- yes / no
3. Could she intercept an attachment ----- yes / no
4. Could she intercept the whole message as if the message was going to her ------ yes / no
Thanks for your help
October 4th, 2002, 11:46 PM
Part II to this post is:
Could a hacker intercept a file such as a "zip" file going to my FTP server and physically have that zip file on their machine?
October 5th, 2002, 02:12 AM
Well, assuming they can sniff packets leaving your server, they should be able to grab *anything* that you send. You could encrypt it, but they'd still be able to get a copy of the encrypted information.
October 5th, 2002, 07:43 AM
Ok I give up......I have been thinking and thinking and thinking of a way instead of using SSL to just secure my signup and login pages. I guess there is just no 100% way of securing the distance between the client browser and the server unless you are using SSL. There is alot of ways to slow people down but in the end I guess if a hacker is wathcing the packets go by then he can get in.
October 5th, 2002, 07:45 AM
ssl is no 100% either but close to that. as you said, if the hacker is skilled enough, he WILL get in.
October 6th, 2002, 08:47 PM
It's my understanding that an attacker can only sniff packets if they are on either of the machines that is passing information back and forth. Is this correct?
October 6th, 2002, 09:24 PM
I'm not sure how the internet architecture works, but for a local network (as for as I know) every machine on the same subnet gets all the packets for every other machine, it just ignores them.
For the internet, anyway, do a traceroute on yahoo.com. Every ip address that comes back has access to the packets your sending, and those probably aren't all.
October 7th, 2002, 10:35 AM
She can sniff anytime she wants, whether or not your data is useful to her or encrypted is another story. Note, sniff doesn't mean she can intercept your packet, not at all. The best to describe intercepting packets not destined to you is so-called spoofing, and is usually done via Zone Spoofing in DNS along with Cache Poisoning.
Anyway, if you don't want your server to be vulnerable to such attack, don't run BIND, run dnscache instead.
October 7th, 2002, 02:07 PM
Is this done within the Webserver or where? I have not seen this before. I am using IIS 5.0 running on W2000 professional server OS.
So what I am understanding then......if I had the above adjusted (DNScache), I could send an email with an attachment ie. "zip file". And because of the setting on the server (DNScache), it would make it very difficult or impossible for the hacker to intercept the attachment (zip file). In either case, I guess it would add another layer of security to site with or without SSL.
Thanks for your replies
October 7th, 2002, 11:34 PM
>> I am using IIS 5.0 running on W2000 professional server OS
Then sorry, using IIS on win2k implies that you don't care about security. If you really do, stop using M$ as your server OS now.
If you don't have any difficulty configuring SSL then just go for it and stop concerning about packet interception because there are thousands of essential things on your todo list awaiting.
October 9th, 2002, 12:23 PM
This depends on a few factors, mainly
1. Hacker a could get this information by
a) Sniffing traffic - depends on your network - if it's switched & fairly secure - this isn't possible, once it leaves your network someone would have to have compromised a providers router - so I'd have to say this is unlikely, none-the-less possible.
2. Compromised your server, again if it's internal & fairly secure - an unlikely event
But if your hacker is your internal admin team, your not gonna hide it from them, look into pgp(encryption) for yer mails.
hen sorry, using IIS on win2k implies that you don't care about security. If you really do, stop using M$ as your server OS now.
Horses for courses really - no denying FreeBSD is a nice NIX variant - but doesn't suit everyone.
October 10th, 2002, 01:29 PM
>> but doesn't suit everyone
Because many are technical incapable out there who know just point-n-click.
October 12th, 2002, 04:35 PM
Following on from what freebsd said, the kind of people you're going to get using IIS/Win2k are going to be technically unsound. Since IIS comes with everything turned on by default and loads of woefully insecure default filters, this is a dangerous combination.
October 12th, 2002, 04:41 PM
I certainly do not want to be technically unsound.....I have been exploring apache/W2000 Server. That would be my only other alternative.
Any comments on that combination?
October 12th, 2002, 04:43 PM
Any reason in particular why you can't run it on Linux? It's not as stable or secure on Win32 as it is on *NIX (though Apache 2 is attempting to change this).