The Cidr Report

Valdis.Kletnieks at Valdis.Kletnieks at
Sun Oct 16 18:56:29 UTC 2011

On Sun, 16 Oct 2011 10:06:10 EDT, "William F. Maton Sotomayor" said:

> A similar thing was done at a USENIX in Monterey over a decade ago.  The 
> point behind that one was to drive home how bad it was for the attendees 
> to use telnet to their boxes at the mothership.  Nothing like seeing 
> people watch their passwords put up on two screens to teach them about 
> SSH.

Did something similar at a SANS-EDU class a few years back, maybe 300 or so
attendees.  The first morning, I ran several carefully crafted tcpdumps on the
wireless network to get just the SYN packets for telnet, ssh, rlogin/rsh, and
POP in cleartext and over SSL. Then just before class started up after lunch, I
announced the counts (was about 1/3 encrypted, 2/3 cleartext).

When the slide with the numbers hit the screen, a predictable 2/3 suddenly got
outraged "You have no right to grab our passwords/ that's irresponsible behavior
for a security professional/ etc". So I joked "See Randy, I *told* you we
wouldn't have to map from IP to MAC to conference registration to tell who they
were" which didn't help matters much. ;)  Then I told them that yes, it *would*
be irresponsible for me to snarf passwords, so I only grabbed SYN packets.  The
room got quiet, till I added "but those random people sitting out in the atrium aren't
security professionals, and we have no control over whether they grab passwords
or not, so you probably want to change your passwords."

Sudden flurry of typing from 2/3 of the people.  "Over a secure channel, of course".

Sudden lack of typing and a lot of deer-in-headlights looks, and one voice from
the back of the room "Well played" ;)
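The SYN-only tally described in the post, as an added example (not code from the original message or from NANOG): it parses constructed raw IPv4/TCP packets, counts bare SYNs to the listed service ports and splits them into encrypted versus cleartext. The port-to-service mapping, the encrypted/cleartext split and the sample packets are my assumptions.

```python
import struct
from collections import Counter

# Ports from the post; which ones count as "encrypted" is my classification assumption.
ENCRYPTED = {22: "ssh", 995: "pop3s"}
CLEARTEXT = {23: "telnet", 513: "rlogin", 514: "rsh", 110: "pop3"}
WATCHED = {**ENCRYPTED, **CLEARTEXT}
SYN, ACK = 0x02, 0x10

def build_packet(src_port, dst_port, flags, payload=b""):
    """Constructed sample only: minimal IPv4 header + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                      (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp + payload

def syn_dst_port(pkt):
    """Destination port if pkt is a bare SYN (no ACK) to a watched port, else None.
    Only headers are read; anything after the TCP header is never inspected."""
    if len(pkt) < 20 or pkt[9] != 6:          # too short, or not TCP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 20:
        return None
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    flags = struct.unpack("!H", pkt[ihl + 12:ihl + 14])[0] & 0x1FF
    if flags & SYN and not flags & ACK and dst_port in WATCHED:
        return dst_port
    return None

def tally(packets):
    """Count connection attempts per service and split encrypted vs cleartext."""
    counts = Counter()
    for pkt in packets:
        port = syn_dst_port(pkt)
        if port is not None:
            counts[WATCHED[port]] += 1
    encrypted = sum(counts[name] for name in ENCRYPTED.values())
    cleartext = sum(counts[name] for name in CLEARTEXT.values())
    return counts, encrypted, cleartext

# Constructed traffic sample: six client SYNs plus segments the filter must ignore.
SAMPLE = [
    build_packet(40000, 23, SYN), build_packet(40001, 23, SYN),
    build_packet(40002, 110, SYN), build_packet(40003, 513, SYN),
    build_packet(40004, 22, SYN), build_packet(40005, 995, SYN),
    build_packet(23, 40000, SYN | ACK), build_packet(40000, 23, ACK, b"hunter2\r\n"),
    build_packet(40006, 80, SYN),  # unwatched port: ignored
]
```

Running `tally(SAMPLE)` on this sample gives 2 encrypted versus 4 cleartext attempts, the same kind of ratio the post reports, without a single payload byte being examined.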
