> Finally, Peter Summers' last statement worries me:
> > What would the paswwords (sic) be doing in IP packets? Besides,
> > they're encryrypted (sic), I think quite securely..
Whoops.
> I assumed that NetWare passwords *would* be in IP packets *if* you've
> enabled telnet or FTP on your NetWare server. Please correct me if I'm
> wrong about this; I haven't had a chance to rev up my protocol analyzer
> to test my impetuous statement. Moreover, all the Ethernet protocol
Yes, if you enable FTP or Telnet, I suspect you're right. Does
anyone out there know for sure?
> analyzers I've seen can capture IPX packets just as well as IP packets.
> Peter is correct when he says that NetWare passwords are encrypted,
> but what if (1) you knew the encryption algorithm and (2) used that
> algorithm to encrypt a dictionary of English words? Knowing how lazy
> most people are about creating their passwords, I bet you could hit
> paydirt pretty easily if you had captured a bunch of encrypted
> passwords and compared them to the list of words in your encrypted
> dictionary.
Again, you're probably correct. Another good reason not to enable
FTP or Telnet.
Cheers,
Peter Summers <u5533129 @
ucsvc .
ucs .
unimelb .
edu .
au>
Cardiology Department Phone (+613/03) 342 8727 (B)
Royal Melbourne Hospital (+613/03) 387 4203 (H)
AUSTRALIA 3050 Fax (+613/03) 347 2808
|
|
