Fading into White - SSH Tunneling

Today's internet has come a long way from its friendly academic and research roots. In the past one might not worry about sending a password over an internet connection. Not so today! It is a trivial exercise to sniff passwords. To see how this can be done, download and install ethereal and use POP3 to receive your email from a remote server. Your username and password can easily be retrieved by listening "on the wire". Here is a screen shot of my username and password retrieved from an unencrypted POP3 session. I have blacked out my password ;-)

Ethereal Screenshot

If you want to try this yourself you will need the WinPcap library to run ethereal. You can download WinPcap at http://winpcap.mirror.ethereal.com/install/default.htm. Installing WinPcap and ethereal is very easy. This technology is accessible to a large audience of potential wrongdoers, so it is important that you protect yourself and your passwords! Network sniffers are normally used to debug network connections, but there is nothing to stop someone from using one to grab unencrypted traffic.

Here are a few screen shots of the ethereal installation process on MS Windows 98(TM).

The ease of installing network sniffing programs is why telnet and other "plain text" protocols are deprecated for logging into remote servers. When receiving mail via POP, the use of the APOP command offers protection for your password, but your username and all your email are easily readable "on the wire". Network sniffing is particularly dangerous on wireless networks as people may be parked outside your building sniffing. The encryption used on most wireless networks can be broken easily.

Modern cryptography provides a method to prevent anyone from sniffing your POP traffic. The Windows(TM) program Putty allows you to shield your POP sessions within an encrypted tunnel. Putty can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. It is distributed free of charge under the MIT license.


To set up an ssh tunnel under Windows, do the following.

  • First set up a session for the tunnel.

  • Set up an SSH tunnel to port 110 (POP3)
    of your incoming mailserver.

  • Set up an SSH tunnel to port 25 (SMTP)
    of your outgoing mailserver.

  • To reduce the amount of typing, configure
    Putty to save your username.

In order to run these commands there has to be a running sshd on the target machine and you need to have a valid system account. BE SURE THAT YOU HAVE PERMISSION from YOUR PROVIDER BEFORE you do this. Stringent new laws have been passed in many US states to prevent people from obfuscating the origins of communications. Check your local laws before you do this.

To test your setup, start your ssh tunnel and use Putty to telnet to localhost port 110. If all is working, you will get the POP server banner. Likewise, to test the outgoing (SMTP) connection, use Putty to telnet to port 25.
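The banner test described above can also be scripted. The following is an added example, not part of the original page: it connects to the local end of the tunnel, checks for the POP3 `+OK` or SMTP `220` greeting, and goes one step further by reporting whether the POP3 greeting carries the timestamp token that APOP needs. The names `check_tunnel` and `start_fake` are hypothetical, and the fake listener exists only so the check can be tried without a real tunnel.

```python
import re
import socket
import socketserver
import threading

# First line each service sends: POP3 "+OK ..." (RFC 1939), SMTP "220 ..." (RFC 5321).
EXPECTED = {"pop3": b"+OK", "smtp": b"220"}
# An APOP-capable POP3 server includes a <timestamp@host> token in its greeting.
APOP_TOKEN = re.compile(rb"<[^<>\s]+@[^<>\s]+>")


def check_tunnel(proto, port, host="127.0.0.1", timeout=5.0):
    """Connect to the local end of the tunnel and classify the greeting line."""
    result = {"proto": proto, "port": port, "ok": False,
              "banner": "", "apop": False, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as stream:
                banner = stream.readline(1024).rstrip(b"\r\n")
    except OSError as exc:
        # Refused: the tunnel is not listening. Timeout: the far side never answered.
        result["error"] = f"{type(exc).__name__}: {exc}"
        return result
    # An empty banner means the port accepted and closed without a greeting.
    result["banner"] = banner.decode("ascii", "replace")
    result["ok"] = banner.startswith(EXPECTED[proto])
    result["apop"] = proto == "pop3" and bool(APOP_TOKEN.search(banner))
    return result


class _FakeGreeter(socketserver.BaseRequestHandler):
    """Constructed stand-in for a forwarded port: sends one greeting, then closes."""

    def handle(self):
        self.request.sendall(self.server.greeting)


def start_fake(greeting):
    """Start a loopback-only listener on a free port for an offline dry run."""
    server = socketserver.TCPServer(("127.0.0.1", 0), _FakeGreeter)
    server.greeting = greeting
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    # With the Putty session open, these are the two forwarded ports from the page.
    for proto, port in (("pop3", 110), ("smtp", 25)):
        print(check_tunnel(proto, port))
```

A result with `ok` false and a banner that is not a mail greeting means something other than the mail server is answering on that local port.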

To set up Outlook Express to use your ssh tunnel, first start Outlook Express, click on "Tools" then select "Accounts". Remove the unencrypted account and then click "Add" and select "Mail". The Wizard will start and you can add your new settings. Everything will be the same until you get to "E-mail Server Names". There you will enter 127.0.0.1 for your incoming and outgoing mail servers.

If you are running a local anti-virus mail proxy like Norton Anti-Virus(TM) you will need to edit Norton's Outlook settings to use a higher port on your local box to relay the mail. I have not tested this as I do not have a copy of Norton's to use. While I am capable on Windows(TM) I do 90% of my work on *nix boxes - Sorry Bill ;-).

....and everything fades to white noise....

                                     Marina



The screen shots on this page were created with a demo copy of "5 clicks" available from http://www.screen-capture.net.

This page is © Marina Brown - All Rights Reserved. Windows and Putty are copyright and/or trademarked by their respective owners.