The macosxhints Forums

The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   Networking (http://hintsforums.macworld.com/forumdisplay.php?f=14)
-   -   Can port ranges be setup on Airports? (http://hintsforums.macworld.com/showthread.php?t=36883)

hayne 03-22-2005 07:13 PM

Quote:

Originally Posted by KRaven0825
maybe apple will allow ranges in the newer firmware installments

Not likely unless enough people ask for it:
http://www.apple.com/macosx/feedback/

But note that there are 3rd-party Airport basestation configuration utilities available - maybe one of these will allow you to configure more ports.

voldenuit 03-22-2005 07:49 PM

Carlos, as I clearly stated, I'd need to control at least one machine somewhere on the route between you and the server you use with cleartext passwords to sniff packets.
Given that, all your passwords are mine.

How easily and by whom that physical or administrative access can be gained, varies quite a lot.

And it should be up to everyone to assess that risk.

But you'll probably agree that denying how easy it is to sniff cleartext traffic, even in most switched contexts, is no less than a misrepresentation of the truth.

trevor provided some pointers to more sniffing-tools, they're readily available and easy to use.

In security matters, one should always err to the safe side and those who are unaware of risks should be informed.

However, with only the data you volonteer and provided all of your systems are correctly administered, and no doubt they are, +I+ would not be able to sniff passwords.
But are you sure the switches at your colo are immune to an ARP-spoofing rack-neighbour ?

KRaven0825 03-22-2005 08:27 PM

Quote:

Originally Posted by CAlvarez
Put a hundred bucks on the table. I'll give you my IP address and the addresses of all my servers which I access in cleartext, and I'll match the $100 if you can capture a single password.

--------

for a 100 bucks even i'd try , and i've never hacked anything lol

trevor 03-22-2005 09:28 PM

Quote:

Originally Posted by CAlvarez
Put a hundred bucks on the table. I'll give you my IP address and the addresses of all my servers which I access in cleartext, and I'll match the $100 if you can capture a single password.

You're challenging me to break the law for $100? The answer is clearly no. Please don't ever ask me to do anything illegal again.

Sniffing requires having an account on a box on your subnet, or on a router over which your data passes. Since I (presumably) am not on your subnet, and don't own any of the routers between you and your remote servers, it is not a matter of simply installing dsniff.

So, I would first have to break into someone else's computer. This would be a computer owned by someone else who has not asked to be broken into. This is not the kind of person I am, and I hope that this is not the kind of forum that condones those things.

Trevor

KRaven0825 03-22-2005 09:38 PM

Guys you're all pretty brilliant, you keep arguing like this, you're gonna just look dumber and dumber.....so boys don't make me seperate you :D

trevor 03-22-2005 09:43 PM

Quote:

Originally Posted by KRaven0825
oh for anyone interested, a buddy of mine took the whodo command off of unix, and made it work for Mac OS X...if you're interested....here

Very nice! I get ttyp# perfectly, where # is the terminal window(s) that I have open.

Am I supposed to get the error
ps: /dev/ttyconsole: No such file or directory
? That is presumably the GUI user logged in.

Trevor

KRaven0825 03-22-2005 09:57 PM

Quote:

Originally Posted by trevor
Very nice! I get ttyp# perfectly, where # is the terminal window(s) that I have open.

Am I supposed to get the error
ps: /dev/ttyconsole: No such file or directory
? That is presumably the GUI user logged in.

Trevor

------
yea i get it too, it is because at work when we had unix, it presumes a few things that don't apply on a mac...i am sure it could be fixed, but i just ignore it.

CAlvarez 03-22-2005 10:45 PM

Quote:

You're challenging me to break the law for $100? The answer is clearly no. Please don't ever ask me to do anything illegal again.
:rolleyes: Uh huh. Right. It's not against the law if I tell you to do it. Do you think I break the law every time I attack one of my clients' systems for vulnerability testing?

Quote:

you keep arguing like this, you're gonna just look dumber and dumber
Yup. I'm out. I don't feel like explaining theory vs. reality once again.


All times are GMT -5. The time now is 07:18 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.