Tuesday, March 11, 2008
I've signed up for a few lists at About.com's "About U" partly out of need, and partly out of curiosity. The Spanish stuff is out of need (sorta) and the network, web, and security lists out of curiosity. First, how do they present the material? Second, how reliable is their information? Third, I might learn something even from introductory materials. I'll comment on these from time-to-time, but overall my early impression is that they do a pretty good job. I just read the "Introduction to Security Tools" introduction to packet sniffing, and have a couple specific comments. First, they give the impression that a sniffer can sniff an entire subnet. This is likely an intentional oversimplification. With a wired network, e.g., Ethernet, sniffing beyond a subnet requires planting a tool (malware) on a host on another subnet. However, on Ethernet, a sniffer mostly sees frames on a single LAN segment, which is more local than just the subnet. Most Ethernets are switched, and so the switches learn where various hosts are, and then filter out frames that individual hosts have no need to see. A sniffer will still see various multicasts and broadcasts on the Ethernet, but will miss most unicasts not directed to the host running the sniffer. On 802.11, the situation's not so straightforward. Any particular receiver may be within range of multiple subnets, and if the WLANs aren't encrypted, multiple subnets could be sniffed at one time. The other issue is that the receiver may be within range of some nodes on a subnet and not others. This particular About U "course" includes quizzes at the end of each session. One of the questions is predicated upon the statement that "usernames and passwords are generally transmitted across the network in" cleartext. This may be true--it certainly was up to, say, the mid '90s--but I certainly hope it's not true today. Anyhow, I think About U is a valuable service for beginners.