question about basics of creating a PROXY to MONITOR network activity
Chris Angelico
rosuav at gmail.com
Thu Apr 8 13:44:58 EDT 2021
On Fri, Apr 9, 2021 at 12:42 AM <2QdxY4RzWzUUiLuE at potatochowder.com> wrote:
>
> On 2021-04-09 at 00:17:59 +1000,
> Chris Angelico <rosuav at gmail.com> wrote:
>
> > Also, you'd better be really REALLY sure that your monitoring is
> > legal, ethical, and not deceptive.
>
> Not to mention *secure*. Your monitor increases the attack surface of
> the system as a whole. If I break into your monitor, can I recover
> passwords (yours, users, servers, etc.)? Can I snoop on traffic? Can I
> snoop metadata (like when which users are talking to which servers) not
> otherwise available on your network?
Is it even possible to be secure in that way? This is, by definition,
a MITM, and in order to be useful, it *will* have to decrypt
everything. So if someone compromises the monitor, they get
everything.
But try asking those questions minus the "break into the monitor"
part. Does the mere presence of the monitor mean that someone *else*
can start monitoring too?
TBH though, I think the other questions are going to largely shut this down.
ChrisA
More information about the Python-list
mailing list