My ex-employer set up dozens of networks, including their own, like this:
http://www.flickr.com/photos/28053558@N08/6310456457/
The server and the WIFI access point would both have routable internet addresses. The access point would be a router and would be DHCP server with a private range of IPs for clients.
My boss would use administrator credentials for anything that wasn’t attached to a specific user, and would set up everything with plain text authentication (I don’t think he was aware there was any other kind, despite my attempts to educate him). So there would be lots of unencrypted passwords, actually for all users (and many users would be set up as domain admins even though they shouldn’t be!
I have seen passwords in traffic when I plug a laptop into the switch and run Wireshark, of course, but how would/could someone sniff this traffic from an internet connection, or the wifi connection? I mean it seems to me like you would have to be in the subnet that the server’s internet IP address falls into, right?
I am asking this so as to improve my security knowledge, not to try to hack them (really, it wouldn’t even be this difficult).
