OFF: anon.penet.fi
Paul Mather
paul at GROMIT.DLIB.VT.EDU
Thu May 14 12:52:13 EDT 1998
On Thu, 14 May 1998, M Holmes wrote:
> Hulsebos A writes:
>
> > It's true, however, that you still can figure out where encrypted mail gets
> > sent to. But that's also true for a letter. The anonymous remailer just
> > makes sure that the return address is only known at the remailer.
>
> A better anon remailer would either maintain a constant flood of traffic
> to prevent traffic analysis, or at least save hundreds of messages and
> mail them all out at once.
Actually, the anonymous remailer network does take into account traffic
analysis. There is a network of remailers, and a message entering the
system will get randomly circulated through the network before being
delivered to its intended recipient. Additionally, there can be a
random delay at each remailer stage, so that the next message out of the
remailer is not necessarily the one that just went in.
I agree with the other poster about unencrypted e-mail being like a
postcard. You don't even really need much in the way of privileges to
read it, either: if your LAN has Windoze 95 systems on it (as
increreasingly is the case), just run an ethernet packet sniffer that
looks for SMTP packets, et voila! (Although I also agree with the other
poster about why the heck would anyone want to read someone else's
e-mail; I have enough trouble keeping up with my own!)
A good way to combat packet sniffing is to use something like SSH---a
drop-in replacement for the Berkeley "r" commands (rsh, rcp, etc.) which
encrypts all its traffic going over the wire. SSH is your friend.
Cheers,
Paul.
obCD: Bevis Frond, _New River Head_
e-mail: paul at gromit.dlib.vt.edu
"I didn't mean to take up all your sweet time"
--- James Marshall Hendrix
More information about the boc-l
mailing list