As many of you are undoubtedly aware, the use of "sniffers" to monitor network traffic and thus steal passwords is a serious problem, and has been so for quite some time. Indeed, last year's break-in here may have been in part due to the use of a sniffer on a site in Colorado. Once he was "in" here, the culprit immediately set up a sniffer here, resulting in the confirmed theft of dozens of passwords, perhaps many more.
To quote from an advisory issued by CERT on the matter:
...CERT has observed a dramatic increase in reports of intruders monitoring network traffic. Systems of some service providers have been compromised, and all systems that offer remote access through rlogin, telnet, and FTP are at risk. Intruders have already captured access information for tens of thousands of systems across the Internet. The current attacks involve a network monitoring tool that uses the promiscuous mode of a specific network interface, /dev/nit, to capture host and user authentication information on all newly opened FTP, telnet, and rlogin sessions.We propose a phased transition to the use of one-time passwords throughout EECSNet. This proposal recognizes the distinction between common-access CSEL-owned machines such as delta, and faculty or research lab machines, and handles them somewhat differently.
[...]
The best long-term solution currently available for this attack is to reduce or eliminate the transmission of reusable passwords in clear-text over the network.
[...]
Long-term prevention: CERT recognizes that the only effective long-term solution to prevent these attacks is by not transmitting reusable clear-text passwords on the network.
[...]
ONE-TIME PASSWORDS
Given today's networked environments, CERT recommends that sites concerned about the security and integrity of their systems and networks consider moving away from standard, reusable passwords. CERT has seen many incidents involving Trojan network programs (e.g., telnet and rlogin) and network packet sniffing programs. These programs capture clear-text hostname, account name, password triplets. Intruders can use the captured information for subsequent access to those hosts and accounts. This is possible because 1) the password is used over and over (hence the term "reusable"), and 2) the password passes across the network in clear text.
Several authentication techniques have been developed that address this problem. Among these techniques are challenge-response technologies that provide passwords that are only used once (commonly called one-time passwords).
[More information about the specific software being discussed (called S/KEY) is available at the URL http://web.ece.nwu.edu/CSEL/skey.html]